deepread-invoice
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with the official API of the author,
deepread-tech, atapi.deepread.tech. All network operations are consistent with the skill's stated purpose of document processing. - [SAFE]: Credential management follows best practices by using environment variables (
DEEPREAD_API_KEY) and providing placeholders for testing, avoiding the inclusion of hardcoded secrets. - [SAFE]: The skill implements an indirect prompt injection surface by design (processing external invoices), but does so through a managed API service rather than direct local execution of data-derived instructions.
- Ingestion points: Processes local document files (e.g.,
invoice.pdf) provided by the user. - Boundary markers: Not applicable at the skill level; handled by the remote DeepRead API.
- Capability inventory: Performs local file reads and network POST/GET requests to the vendor's API.
- Sanitization: Managed by the vendor's backend processing engine.
Audit Metadata