local-ocr

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
COMMAND_EXECUTION · EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to call external utilities like ocrmypdf, tesseract, and pdftotext. All commands are executed using argument lists, which effectively prevents shell injection vulnerabilities. The setup script also uses sudo to execute package management commands for system dependencies.
  • [EXTERNAL_DOWNLOADS]: The scripts/setup.sh script downloads and installs essential system-level dependencies (tesseract-ocr, ocrmypdf, etc.) from official package repositories. These are well-known, trusted sources and are necessary for the skill's primary function.
  • [PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection as it ingests untrusted data (scanned documents or images) and extracts text for the agent's use.
      • Ingestion points: scripts/ocr.py reads user-supplied image and PDF files via the pdf, text, and batch commands.
      • Boundary markers: No explicit markers or delimiters are added to the extracted text output.
      • Capability inventory: The skill has the ability to run subprocesses (OCR tools) and delete files (pathlib.Path.unlink) when batch processing images into PDFs.
      • Sanitization: Employs Path.resolve() for path safety and list-based command construction to prevent shell exploitation.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 10:35 PM