image-to-text
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The shell script
scripts/image-to-text.shautomatically installs thetesseract.jspackage from the npm registry if thenode_modulesdirectory is not present. Additionally, the Tesseract library downloads required language training data from its official sources during the first execution. - [PROMPT_INJECTION]: This skill provides a surface for indirect prompt injection because it processes untrusted content from images.
- Ingestion points: Text is extracted from image files specified by the user via
scripts/image-to-text.js. - Boundary markers: No boundary markers or 'ignore' instructions are used when presenting the extracted text to the agent, which could lead the agent to interpret text in an image as a command.
- Capability inventory: The skill scripts perform OCR and output JSON; they do not contain logic for file writing, network exfiltration, or further command execution.
- Sanitization: The extracted text is trimmed but otherwise returned to the agent without sanitization or filtering.
Audit Metadata