invoice-processor

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (LOW): The skill transmits invoice images and PDFs to the Zhipu AI (bigmodel.cn) API for processing. This behavior is disclosed in the documentation and is necessary for the skill's primary function. The check_env.py script also reads from a local .env file to manage API credentials.
  • External Downloads (SAFE): The skill relies on standard, well-known Python libraries (aiohttp, PyMuPDF, openpyxl) which are installed via standard package managers.
  • Prompt Injection (LOW): The tool processes untrusted documents, creating a surface for indirect prompt injection. Evidence Chain: (1) Ingestion: local invoice files (PDF/images) are processed by invoice_ocr.py. (2) Boundaries: No specific delimiters or warnings are mentioned in the provided code. (3) Capabilities: Network access (POST requests), file writing (Excel output), and file deletion (JSON cleanup). (4) Sanitization: Limited to basic numeric casting for currency fields.
  • File System Operations (SAFE): The convert_to_excel.py script performs standard file creation and removes intermediate JSON files as part of its documented cleanup process.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:16 PM