ocr
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes well-known and reputable Python libraries including requests, Pillow, and pdf2image. It relies on the official Ollama service for running models locally, ensuring data remains on the user's machine.
- [SAFE]: All document and image processing is performed locally. The script communicates with a local API endpoint (localhost:11434) for model inference and does not perform any unauthorized external data transmission.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it converts untrusted visual content from images and PDFs into text that is subsequently processed by an AI agent.
- Ingestion points: The `input_file` argument in `scripts/ocr.py` allows for the processing of untrusted files.
- Boundary markers: The implementation lacks explicit boundary markers or instructions to downstream models to treat the extracted text as untrusted data.
- Capability inventory: The skill possesses capabilities for local file read/write operations and local network communication with the Ollama service.
- Sanitization: No sanitization or validation of the extracted text is performed prior to returning the result to the agent context.
Audit Metadata