business-card-scanner
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted image data through OCR, which could contain malicious text instructions intended to influence downstream agent behavior.
- Ingestion points:
scripts/business_card_scanner.py(viapytesseract.image_to_string) - Boundary markers: Absent; the output is raw extracted text formatted as JSON.
- Capability inventory: File system read (
cv2.imread) and write (to_json). No network or command execution capabilities. - Sanitization: Absent; no filtering or validation of the text extracted from the image is performed.
- SAFE (SAFE): No malicious patterns detected. The code uses standard libraries (OpenCV, Tesseract, Pandas) for their intended purposes. There are no network requests, obfuscated sections, or attempts at privilege escalation.
Audit Metadata