ocr-service

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The Dockerfile pulls its base image from a Baidu-hosted repository (ccr-2vdh3abv-pub.cnc.bj.baidubce.com) and uses the Tsinghua University mirror for pip installations. These domains are not included in the predefined trusted external sources list.
  • [DATA_EXFILTRATION] (LOW): The image_to_base64 method in client.py allows reading arbitrary local files if the image_path argument is controlled by an untrusted source, which could lead to sensitive data exposure.
  • [PROMPT_INJECTION] (LOW): As a tool that converts image content to text, the skill is susceptible to indirect prompt injection.
    1. Ingestion points: client.py (image_to_base64) and server.py (ocr_recognize).
    2. Boundary markers: Absent.
    3. Capability inventory: Extracted text is returned to the agent context, which may influence subsequent actions.
    4. Sanitization: No content filtering or validation is performed on the OCR output.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:43 PM