paddleocr
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of well-known libraries
paddlepaddle,paddleocr, andeasyocr. These are established machine learning and OCR packages maintained by reputable technology organizations like Baidu and the open-source community. - [PROMPT_INJECTION]: The skill processes document images, which represents an ingestion surface for untrusted data that could contain adversarial text aimed at influencing agent behavior.
- Ingestion points: Document images are processed via the
img_pathparameter in theocr.ocr()method. - Boundary markers: No specific delimiters or boundary markers are defined to isolate the extracted text from the agent's instructions.
- Capability inventory: The extracted text is used for data extraction of sensitive fields and further processing by other modules like YOLOv8.
- Sanitization: The instructions explicitly recommend a post-processing step to clean strange characters and normalize spaces, which provides a basic layer of data validation.
Audit Metadata