doc2x-ocr-markdown

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted PDF and image files, which provides an attack surface for indirect prompt injection. Malicious instructions within the documents could influence the agent once converted to Markdown.
    1) Ingestion points: 'scripts/doc2x_ocr.py' accepts file paths as input.
    2) Boundary markers: No delimiters or specific 'ignore' instructions are mentioned in the workflow.
    3) Capability inventory: The script performs network requests (API calls) and writes files to the local disk.
    4) Sanitization: No sanitization of the OCR output is described before the agent uses it.
  • [Data Exposure & Exfiltration] (LOW): The skill transmits document data and the 'DOC2X_APIKEY' to external Doc2X API endpoints. This is expected behavior but involves non-whitelisted network communication.
  • [Command Execution] (LOW): The skill requires the agent to run a local script ('scripts/doc2x_ocr.py') to perform its tasks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 09:38 PM