paddleocr-doc-parsing

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to accept, parse, and validate user-provided API credentials (PADDLEOCR_ACCESS_TOKEN and endpoint URL) from chat, which requires the LLM to handle secret values in its context and risks verbatim exposure.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and fetches arbitrary user-provided URLs (SKILL.md "Execute document parsing" with python scripts/vl_caller.py --file-url "URL provided by user" and scripts/vl_caller.py → lib.parse_document) and is required to display the COMPLETE extracted, unfiltered document content (SKILL.md "Complete Content Display"), so untrusted third‑party documents could contain instructions that materially influence the agent's outputs or next actions.