paddleocr-text-recognition

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt explicitly accepts and instructs the agent to parse user-provided credentials (e.g., PADDLEOCR_ACCESS_TOKEN) from chat and validate them, which requires the LLM to handle secret values and risks echoing or embedding them verbatim despite recommending safer alternatives.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts arbitrary public URLs as input (SKILL.md "Extract text from URLs" and examples, and scripts/ocr_caller.py + lib.py handle the --file-url flow), sends them to the OCR API and then MUST display the complete recognized text verbatim, meaning untrusted third‑party content is ingested and returned in a way that could contain instructions that influence subsequent actions.