image-parser
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill includes explicit defensive instructions requiring the agent to treat all parsed OCR content as data only and to disregard any instruction-like text within the image results, which mitigates indirect prompt injection risks.
- [CREDENTIALS_UNSAFE]: The skill demonstrates safe credential handling by instructing users to configure the
SOMARK_API_KEYvia environment variables and specifically warning against sharing keys in chat or using insecure command-line arguments. - [COMMAND_EXECUTION]: The skill utilizes a bundled Python script (
image_parser.py) for processing images and communicating with the API. The script uses standard libraries and restricts its operations to the declared functionality of image parsing and output generation. - [DATA_EXFILTRATION]: Network operations are limited to the legitimate service endpoint at
somark.tech. This communication is necessary for the core OCR functionality of the skill.
Audit Metadata