paddleocr-doc-parsing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs the agent to accept credentials provided in chat and to parse/validate the PADDLEOCR_ACCESS_TOKEN (and URL), which requires the LLM to handle secret values directly and risks echoing or exfiltrating them.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow (SKILL.md) and the CLI (scripts/vl_caller.py) explicitly accept arbitrary --file-url values provided by the user and lib.parse_document sends that URL to the remote parsing API and returns extracted text which the agent is instructed to display in full, so the agent ingests and acts on untrusted third-party content fetched from arbitrary public URLs.