paddleocr-vl

Fail

Audited by Snyk on Feb 16, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill asks the user to send their API URL and token, instructs the agent to parse those secrets from user messages, and explicitly embed them verbatim into a CLI command (python ... --token "PARSED_TOKEN"), which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts and processes arbitrary public URLs (e.g., the command python scripts/paddleocr-vl/vl_caller.py --file-url "URL provided by user" and guidance to upload files to public cloud URLs like https://your-server.com/large_file.pdf) and then instructs the agent to parse and display the complete extracted document content, exposing the agent to untrusted third-party/user-provided content that could carry indirect prompt injection.

Audit Metadata

Risk Level: HIGH
Analyzed: Feb 16, 2026, 02:54 AM