receipt-ocr-sorter

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install standard Python libraries and system utilities, such as PyTorch, Surya OCR, and ffmpeg, from well-known official package registries and distribution channels.
  • [PROMPT_INJECTION]: The skill processes untrusted input from receipts and ZIP files to generate filenames and reports. This ingestion surface presents a risk of indirect prompt injection if the agent interprets extracted text or archive content as instructions.
      1. Ingestion points: receipt_sorter.py performs OCR on user-supplied files and extracts content from ZIP archives.
      2. Boundary markers: No explicit delimiters are used to isolate OCR text in the generated summary reports.
      3. Capability inventory: The agent is empowered to move files and use browser-based automation tools.
      4. Sanitization: While filenames are sanitized using a slugify function, the archive extraction process and report generation lack robust protection against malicious input.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 26, 2026, 10:52 PM