ocr
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): Text extracted from PDF/images can contain instructions that override agent behavior once processed by the OCR engine.
  - Ingestion points: External URLs and uploaded files processed via casedev commands.
  - Boundary markers: None specified in the documentation for the returned OCR text.
  - Capability inventory: CLI execution of casedev for processing, watching, and retrieving word-level data.
  - Sanitization: No sanitization of the OCR output is mentioned.
- Data Exfiltration (LOW): Files are uploaded to case.dev, which is an external, non-whitelisted service.
- Command Execution (LOW): The skill executes the casedev CLI to perform all operations, relying on a third-party binary dependency.
Audit Metadata