pdf-ocr
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions require the use of 'sudo apt-get install' to install Tesseract OCR and its language packs, which involves executing commands with elevated administrative privileges.
- [EXTERNAL_DOWNLOADS]: The skill depends on downloading and installing several external Python packages (pytesseract, pdf2image, Pillow, pdfplumber) and system-level binaries from external repositories.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from scanned PDFs and extracts text that could contain malicious instructions.
- Ingestion points: The 'pdf_path' variable in 'check_text_content' and 'pdf_to_images' serves as the entry point for untrusted external document data.
- Boundary markers: Absent; the instructions do not provide delimiters or warnings to the agent to ignore potential instructions embedded within the extracted text.
- Capability inventory: The skill allows for writing extracted content to the local file system ('save_results') and involves executing system-level OCR tools.
- Sanitization: Absent; text extracted via OCR is returned to the agent or written to disk without any filtering, validation, or escaping.
Recommendations
- AI detected serious security threats
Audit Metadata