anthropic-pdf-skill
A comprehensive PDF manipulation skill that can read, create, edit, merge, split, watermark, fill forms, and perform OCR on PDF documents.
94
/ 100 · Grade A
A = 90–100
“I need to work with PDF files by reading their content, combining multiple PDFs, splitting them apart, adding watermarks, filling forms, or making scanned documents searchable.”
anthropic-pdf-skill earned Certified status with a trust score of 94/100 (Grade A). No adversarial findings — all attack patterns were handled gracefully. Security scan flagged 3 findings.
Trust Score Breakdown
Eight weighted signals composing the aggregate trust score
Scheme v2.0 · Weights provisional · Consumer confirmations and uptime use pipeline-derived baselines.
Findings
Security scan results, adversarial testing, and pipeline review
Security Scan — Cisco Skill Scanner
Finding details
The skill manifest does not specify allowed-tools, creating uncertainty about intended tool usage restrictions. While this field is optional, the skill contains Python scripts that perform file I/O operations, network requests (pdf2image, pytesseract), and system interactions. Without explicit tool declarations, users cannot verify if the skill's actual behavior aligns with intended security boundaries.
Several scripts accept file paths as command-line arguments without validation, potentially allowing access to files outside the intended working directory. While this is a local skill running on the user's machine, it could be exploited if malicious file paths are provided through user input or automated processes.
The skill relies on external Python libraries (pypdf, pdfplumber, reportlab, pytesseract, pdf2image, PIL) without specifying exact versions. While the skill doesn't directly install these packages, it assumes their availability and could be affected by malicious updates or breaking changes in these dependencies.
Adversarial Testing — 3 categories, 0 findings
No adversarial findings — all attack patterns handled gracefully.
Methodology v1.0 · 3 categories · ~55 attack patterns
Behavioral Fingerprint
Runtime performance baseline for drift detection
Samples
8
Error rate
0.0%
Peak memory
— MB
Avg CPU
—%
Response time distribution
Output size distribution
Fingerprint v1.0 · Baseline: Mar 28, 2026 · Status: baseline
Interface
Skill triggers and instruction summary
Activation
This skill activates whenever the user wants to do anything with PDF files, including reading, extracting, combining, splitting, rotating, watermarking, creating, form filling, encrypting, or OCR operations.
This skill handles all PDF-related operations from basic text extraction to advanced manipulation and creation tasks.
Does
Extract text and tables from PDF files using pdfplumber and pypdf
Merge multiple PDFs into a single document
Split PDFs into individual pages or page ranges
Rotate PDF pages by specified degrees
Add watermarks to PDF documents
Create new PDFs from scratch using reportlab
Fill PDF forms following FORMS.md instructions
Encrypt and decrypt PDF files with passwords
Extract images from PDFs using command-line tools
Perform OCR on scanned PDFs using pytesseract and pdf2image
Use ReportLab XML markup tags for subscripts and superscripts instead of Unicode characters
Does not
Use Unicode subscript/superscript characters (₀₁₂₃₄₅₆₇₈₉, ⁰¹²³⁴⁵⁶⁷⁸⁹) in ReportLab PDFs as they render as black boxes
Scope & Permissions
What this capability can and cannot access — derived from pipeline analysis
yes
no
yes
no
yes
no
Known Failure Modes
Documented edge cases and recovery behaviors
when when Unicode subscript/superscript characters are used in ReportLab
then the agent uses XML markup tags instead to avoid rendering issues
when when PDF form filling is requested
then the agent follows specific instructions from FORMS.md
when when advanced features are needed
then the agent refers to REFERENCE.md for detailed examples
Badge & Integration
Embed certification status in your README, docs, or CI pipeline
Certification Notes
Provenance observations from the pipeline
Publisher "anthropics" is not verified — first certification from this publisher
No SECURITY.md or SECURITY.txt file found — no published vulnerability reporting process
Single contributor — no peer review evidence in commit history
Repository is 3 days old — recently created
Package description appears to be boilerplate or template text
Signed Artifact
Certification provenance and verification metadata
Pipeline Artifacts
Raw data files from this certification run — downloadable for independent verification
contract.json
Full unsigned contract
stage1-ingest.json
Ingest stage output
stage2a-sbom.json
SBOM generation results
stage2a-vulns.json
Vulnerability scan results
stage2b-security.json
Security scan results
stage3a-functional.json
Functional test results
stage3b-adversarial.json
Adversarial test results
stage3c-fingerprint.json
Behavioral fingerprint
stage4-certify.json
Certification decision + trust score
stage3a-measurements.json
Raw functional test measurements
stage3b-measurements.json
Raw adversarial test measurements
run-log.json
Pipeline execution log
Not all files may be present for every certification.