ocr-web-service
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the membrane command-line utility to perform document management and OCR operations. This is the primary mechanism for the skill's functionality.
- [EXTERNAL_DOWNLOADS]: The skill installs the @membranehq/cli global package from the npm registry. This is a legitimate utility provided by the vendor to handle authentication and communication.
- [PROMPT_INJECTION]: The skill integrates text extracted from images into the agent's context, which introduces a surface for indirect prompt injection.
  - Ingestion points: Extracted text from scanned documents (SKILL.md)
  - Boundary markers: None present
  - Capability inventory: Shell command execution via the membrane CLI (SKILL.md)
  - Sanitization: No sanitization or validation of the extracted text is described
Audit Metadata