invoice-extractor

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Tags: CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • Data Exposure & Exfiltration (MEDIUM): The script scripts/check_env.py manually accesses and reads the .env file to verify API credentials. Accessing sensitive file paths containing secrets represents an exposure risk. Evidence: scripts/check_env.py line 46.
  • Indirect Prompt Injection (LOW): The skill processes untrusted PDF and image files which are interpreted by a Vision Language Model, creating a vulnerability surface for indirect prompt injection.
    1. Ingestion points: invoice_extractor/pdf_converter.py (reads external PDF and image files).
    2. Boundary markers: Absent for visual/OCR content; relying on system prompt instructions.
    3. Capability inventory: vlm_client.py (performs network API calls to model providers).
    4. Sanitization: vlm_client.py utilizes regex extraction and Pydantic model validation (InvoiceData) to verify model output.
  • Data Exposure & Exfiltration (LOW): The skill performs network requests to non-whitelisted domains (e.g., dashscope.aliyuncs.com, api.deepseek.com) to communicate with external AI providers, which is necessary for its primary purpose but involves sending document data externally.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:43 PM