paddleocr-doc-parsing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill explicitly allows/encourages users to paste API credentials into chat and instructs the agent to "help the user persist them," which means the LLM may receive and would likely output secret values verbatim (e.g., embedding tokens into config/commands).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and ingests arbitrary public URLs as input (see SKILL.md "Basic Workflow" step 1 which instructs using --file-url and scripts/vl_caller.py calling parse_document with file_url, and lib.parse_document passes the URL to the remote parsing API), so untrusted third-party page content is read and returned/used by the agent and could thus inject instructions that affect downstream actions.