OCR Image to Markdown
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes image files which represent untrusted external data, creating a potential surface for indirect prompt injection.
  - Ingestion points: Image files (PNG, JPG) read using the view_file tool.
  - Boundary markers: None present; the instructions do not provide delimiters to separate image content from instructions.
  - Capability inventory: Includes file reading (view_file), directory listing (list_dir), and file writing (write_to_file).
  - Sanitization: No sanitization or validation of the transcribed image content is defined.
- [No Code] (SAFE): This skill contains no executable code, scripts, or external package dependencies, significantly reducing the attack surface.