paddleocr-doc-parsing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly tells the agent to accept credentials pasted in chat, parse and extract the PADDLEOCR_ACCESS_TOKEN (and URL) and to report/validate them, which requires the LLM to handle and potentially echo secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts arbitrary public URLs (see SKILL.md Basic Workflow and examples using --file-url "URL provided by user") and vl_caller.py/lib.parse_document ingest and surface the complete parsed text/result from those third‑party documents, so untrusted user-generated web content can be read and directly influence the agent's outputs and actions.