paddleocr-text-recognition

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks users to send their PADDLEOCR_OCR_API_URL and PADDLEOCR_ACCESS_TOKEN, instructs the agent to parse those secret values from user messages and run commands like python scripts/configure.py --api-url "PARSED_URL" --token "PARSED_TOKEN", which requires embedding secrets verbatim in output/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill accepts arbitrary public URLs as input (see SKILL.md "Identify the input source" and the CLI usage in scripts/ocr_caller.py --file-url), sends those untrusted third‑party images/PDFs to the external PaddleOCR provider (scripts/lib.py/_make_api_request), and explicitly requires returning and displaying the complete recognized text — meaning untrusted content is ingested and presented in the agent workflow and could contain instructions that influence later actions.