PDF Stowaway Scanner
← Learn

10 Places Text Can Hide Inside a PDF

July 7, 2026

A PDF is not one document. It is a visible page laid over a much larger store of data, and the two do not have to match. Text can sit in the file while the page shows nothing of it. Instructions, attachments, and code can ride along without ever appearing on screen. This is a tour of the ten places that content hides — the same ten our scanner checks — with a note on when each one is worth worrying about.

The through-line: everything below is invisible or near-invisible to a human reader and fully available to software that reads the file. Some of these are common and harmless. Some are almost never innocent. Knowing which is which is the whole skill.

1. Near-white text

Text colored so close to the page background that a reader sees blank space, while any program parsing the text layer reads it word for word. White text on a white page is the classic hiding trick, and it is almost never legitimate. This is the lowest-false-positive signal there is: if a scan reports near-white text, treat it as real until proven otherwise.

2. Invisible render mode

PDF lets text be drawn in a rendering mode that paints no pixels at all — the characters are placed in the text layer but nothing reaches the page. It is often written as render mode 3. Normal authoring tools essentially never use it, so its presence is a strong signal that someone deliberately made text extractable-but-unseen.

3. Tiny fonts

Text set below about four points is too small to read on screen or in print, yet fully extractable by software. This one carries a medium false-positive risk: a legitimate figure callout or a fine-print label can genuinely dip that small. So read the text a scan flags before judging it. A sub-point line reading “ignore previous instructions” is very different from a 3-point axis label on a chart.

4. Off-page text

Text can be positioned outside the visible crop area — beyond the edges of the page as it is displayed and printed — so it never shows up when the document is viewed. It is common and benign in scanned or OCR-trimmed files, where margins get cut. Outside of that, text living past the page boundary is worth a look. There’s a catch for detection, though: text that sits fully outside the crop box is clipped by the PDF engine before extraction ever sees it, so a scan can’t pull it out and quote it the way it can the other nine categories here. What the scanner flags instead is the crop box mismatch that usually rides along with this trick — the page’s crop area cropped smaller than its full media size — which is worth inspecting even though the cropped-off text itself stays out of reach.

5. Crop box mismatch

Related but distinct: a page can be cropped smaller than its full media size, which pushes whatever falls in the trimmed margin out of view. The content is still in the file; it is just outside the window you see. Frequently this is a harmless artifact of scanning. The move is to inspect what actually falls outside the crop rather than assume either way.

6. Hidden layers

PDFs support optional content groups — layers that can be toggled on and off. A layer can be switched off by default or explicitly marked hidden, and its contents stay in the file, readable by software, even though no ordinary viewer shows them. Most viewers do not even expose a layers panel, which is exactly why this hiding place works. A layer that is off by default deserves scrutiny: read its name and its content.

7. Annotations

Comments, sticky notes, and other annotations carry text that is invisible in normal rendering but still sits in the file structure. Plenty of annotations are legitimate leftovers from editing. But because their content does not appear on the page, annotations are a classic place to tuck instructions. Always read the annotation text rather than trusting that “just a comment” is harmless.

8. Embedded files

A PDF can carry other files attached inside it — spreadsheets, more PDFs, arbitrary data. This is routine on engineering datasheets and unusual on papers or contracts. An attachment can hold an entire hidden document’s worth of text. A scan should always list the names of embedded files; do not open them blindly, since an attachment is exactly where someone would stash content they did not want on the page.

9. Embedded JavaScript

PDFs can contain JavaScript that some viewers run when the file is opened. It is expected in interactive forms and out of place in a static paper or contract. Even setting aside what the code does, its presence is content the document is carrying beyond the visible page. A good scanner notes that JavaScript is present and never executes it — it just tells you it is there so you can decide.

10. Prompt-injection patterns

The tenth place is less a physical location and more a purpose. Text anywhere in the file — visible or, more often, hidden by one of the methods above — can match known patterns that try to steer an AI reviewer or summarizer: telling it to ignore its instructions, return a positive verdict, or append a particular conclusion. This is suggestive rather than conclusive on its own. A paper about prompt injection will quote such strings legitimately, so the surrounding context decides it. But injection phrasing found inside otherwise-invisible text is a combination worth taking seriously.

Reading the results

Notice how the ten split into two groups. A few — near-white text, invisible render mode — are strong signals that almost always mean deliberate hiding. Most of the rest are context-dependent: off-page text, a crop mismatch, a tiny font, or an annotation can be perfectly innocent in a scanned or edited file, and only become a concern once you read what is actually hidden. The right response to a finding is never panic and never a shrug. It is to read the flagged text, on its page, and decide.

A structural scan is the tool for this because it reads properties the eye cannot: exact fill colors, point sizes, coordinates against the crop box, render modes, layer membership, and the non-rendering parts of the file — attachments, scripts, annotation contents. It surfaces all ten places at once and quotes what it finds.

Two honest limits are worth stating. First, a clean scan does not prove a file is safe: text baked into an image has no text layer to inspect, and a payload can be phrased obscurely enough to slip a pattern list while a model still understands it. Second, findings are evidence, not verdicts — the file’s structure tells you where and what, and you supply the judgment.

Curious what is hiding in a specific file? Run it through the scanner on the homepage. It checks all ten of these locally in your browser, quotes anything it finds, and never uploads your file.