paddleocr-text-recognition

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly asks users to send their PADDLEOCR_OCR_API_URL and PADDLEOCR_ACCESS_TOKEN, instructs the agent to parse those secret values from user messages and run commands like python scripts/configure.py --api-url "PARSED_URL" --token "PARSED_TOKEN", which requires embedding secrets verbatim in output/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary public image/PDF URLs (e.g., scripts/ocr_caller.py --file-url and lib.ocr/file_url handling) and SKILL.md mandates extracting and displaying the COMPLETE recognized text from those untrusted third‑party files, so the agent ingests and surfaces external user-generated content that could contain instructions influencing later actions.