paddleocr-doc-parsing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to ask users to provide API URL and access token, parse those secret values from messages, and emit a shell command that includes the token verbatim (python scripts/configure.py --token "PARSED_TOKEN"), which requires the LLM to handle and output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary public URLs (e.g., SKILL.md and scripts/vl_caller.py: "python scripts/vl_caller.py --file-url 'URL provided by user'") and sends those files to the PaddleOCR provider (scripts/lib.py parse_document → params {"file_url": file_url}), returns the full extracted text and instructs the agent to display/use the complete document content, so untrusted third-party content could inject instructions that influence the agent's behavior.