Skill audit report

Malicious Pdf audit report.

💀 Generate malicious PDF test files for testing phone-home callbacks, SSRF, XSS, NTLM credential theft, and data exfiltration in PDF viewers, converters, and web applications. Can be used with Burp Collaborator or Interact.sh

REVIEWED · REVIEWSafe to tryGenerated Jun 16, 2026Heuristic metadata audit

Audit

Trust

100

Quality

Security

100

Maintain

Install

OpenAgentSkill Trust Score

Production candidate

Stars, maintenance, license, docs, dependency risk, and installability.

The Trust Score is OpenAgentSkill's adoption layer. It is designed to help an agent decide whether a skill is safe enough to shortlist before installation.

GitHub adoption

PASS

4.1K GitHub stars

Recent maintenance

PASS

100

11d since push

License clarity

PASS

BSD-2-Clause

README/SKILL.md completeness

PASS

Metadata includes enough usage and workflow context

Dependency risk

INFO

credential or environment access

Install availability

PASS

npx skills add jonaslejon/malicious-pdf

Repository evidence

PASS

https://github.com/jonaslejon/malicious-pdf

Review status

PASS

AI review data available

Checks

Install and adoption review

7 passed · 1 review

Install path

PASS

npx skills add jonaslejon/malicious-pdf

Repository

PASS

https://github.com/jonaslejon/malicious-pdf

License

PASS

BSD-2-Clause

Maintenance

100

PASS

11d since push

AI review

PASS

Approved with no listed issues

README/SKILL.md completeness

PASS

Usable description available

Dependency risk

CHECK

credential or environment access

Adoption

PASS

4.1K GitHub stars

Warnings

No major warnings detected from available metadata.

Method

This report combines public metadata, AI review output, repository freshness, install readiness, OpenAgentSkill events, quality scoring, trust checks, and the agent safety gate. It is not a full source-code security review.

Install path

Review the report before installing into production agents.

$ npx skills add jonaslejon/malicious-pdf

Signals

Audit score: 96/100
Quality: 100/100
Trust: 93/100
Maintenance: 11d since push
Events: 9 events
GitHub stars: 4.1K
Last push: Jun 4, 2026

Agent safety v2

68/100 · Review before install

Reviewed with permission notesreview

Usable candidate, but the agent should surface permission and audit notes before installation.

Require human approval before installing into a real workspace.

High-risk permission hints: Secrets or environment access
68/100 agent safety score

Network access

medium

Skill likely fetches remote pages, APIs, repositories, or external services.

Filesystem access

medium

Skill may read or write project files, documents, generated artifacts, or local workspace state.

Secrets or environment access

high

Skill metadata references credentials, tokens, environment variables, or secret-bearing workflows.

High-risk permission hints: Secrets or environment access

Back to skill Alternatives Audit badge SVG

Compare nearby options

Malicious Pdf audit report.

Stars, maintenance, license, docs, dependency risk, and installability.

Install and adoption review

Related skills to audit next

Markitdown

PaddleOCR

Stirling PDF