paddleocr-text-recognition

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions include behavioral constraints to ensure the agent prioritizes the tool over its own vision capabilities. An indirect prompt injection surface is present as the skill processes text from external documents without sanitization.
      • Ingestion points: scripts/ocr_caller.py reads user-provided data from local files and URLs.
      • Boundary markers: Absent; instructions demand displaying the full extracted text.
      • Capability inventory: Reading local files (filtered by extension) and network operations to the OCR API.
      • Sanitization: Absent; the raw text is extracted and returned directly.
  • [DATA_EXFILTRATION]: The skill transmits document data to an external API provider (PaddleOCR). This network activity is the core intended purpose. The setup process uses a configuration script to store API credentials securely in a local .env file.
  • [COMMAND_EXECUTION]: The skill uses local Python scripts to interact with the OCR API. These scripts are part of the skill package and do not exhibit any suspicious or arbitrary command execution patterns.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 3, 2026, 06:45 PM