
[–]infocom6502[S] 1 insightful - 1 fun (0 children)

The big caveat is that the "pdfinfo -js" command only sometimes works. Malware JS will often embed and obfuscate itself and will not be visible via pdfinfo. The stack exchange answer does a brilliant job pointing this out and giving us alternatives for de-obfuscation.

Case 2: Malicious, damaging, hidden and obfuscated JavaScript

There are numerous examples of PDFs out in the wilderness containing JavaScripts which are not as harmless as the above, written by Malware authors who are after your money, or just after the "fun" it gives them if they succeed.

The JavaScripts in these cases are very frequently hidden and obfuscated.

For example, in order to hide the fact that there is even JavaScript contained, they do not use the 'clear' /JavaScript and /JS names in the respective PDF object dictionaries. These names must be present for the PDF readers to know what they should do with the object.

Instead, they use another method to express the same names [....] This method, unfortunately, was even made "legal" by the official ["open sores"-style] PDF specification documents. It allows one to replace a selection of some or even all characters in a PDF name token by their respective ASCII hex number (combined with a leading hash sign for each replaced char).
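A worked example of the name-token trick the quoted answer describes, added here as an illustration; it is not code from the comment above, from the Stack Exchange answer, or from pdfinfo. The scanner decodes `#xx` escapes in every name token of a raw PDF byte string before comparing it against /JavaScript and /JS, so that a name written as /Java#53cript or /#4A#53 is still recognised. It goes slightly beyond the text by also including an obfuscator that produces such variants, so the scanner can be exercised against freshly generated spellings. `SAMPLE_PDF` is a constructed fixture, not a real malicious file; `scan_for_javascript`, `decode_name`, `obfuscate_name` and `naive_grep` are names chosen for this example.

```python
import re
from typing import List, Optional, Set, Tuple

# Name-token rules from the PDF specification ("Name Objects"): a name begins
# with '/' and runs until whitespace or a delimiter character; any byte inside
# it may be written as '#' followed by two hexadecimal digits. Readers resolve
# the escapes, so /Java#53cript and /JavaScript are the same name to a viewer
# but not to a byte-level grep.
_NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r /\[\]()<>{}%]*)")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# The two names the quoted answer singles out as markers of embedded JavaScript.
SUSPICIOUS_NAMES = (b"JavaScript", b"JS")

# Constructed fixture (not a real malware sample): an action dictionary whose
# /S /JavaScript and /JS keys are spelled with hex escapes.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Type /Action /S /Java#53cript /#4A#53 (app.alert(1)) >>\nendobj\n"
    b"%%EOF\n"
)


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes, giving the canonical bytes a PDF reader compares."""
    return _HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def obfuscate_name(name: bytes, positions: Optional[Set[int]] = None) -> bytes:
    """Rewrite a name with the chosen character positions (default: all) as #xx.

    This is the spec-legal substitution the quoted answer describes; it is here
    so the scanner can be tested against freshly generated variants.
    """
    out = bytearray()
    for i, b in enumerate(name):
        if positions is None or i in positions:
            out += b"#%02X" % b
        else:
            out.append(b)
    return bytes(out)


def scan_for_javascript(data: bytes) -> List[Tuple[int, bytes, bytes]]:
    """Return (offset, raw_token, decoded_name) for every name token that
    decodes to /JavaScript or /JS, however it was spelled in the file."""
    hits = []
    for m in _NAME_RE.finditer(data):
        raw = m.group(1)
        decoded = decode_name(raw)
        if decoded in SUSPICIOUS_NAMES:
            hits.append((m.start(), raw, decoded))
    return hits


def naive_grep(data: bytes) -> bool:
    """What a plain byte search for the literal names sees."""
    return any(b"/" + n in data for n in SUSPICIOUS_NAMES)


if __name__ == "__main__":
    print("literal search finds JavaScript:", naive_grep(SAMPLE_PDF))
    for off, raw, dec in scan_for_javascript(SAMPLE_PDF):
        print(f"offset {off}: /{raw.decode()} -> /{dec.decode()}")
```

The scanner only sees bytes that are in the clear: objects held inside compressed streams (FlateDecode, object streams) have to be inflated with a PDF library first, which is the kind of de-obfuscation step the quoted answer goes on to cover.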