ocr
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill creates a significant attack surface by converting visual data (images) into natural language text which is then processed by the agent.
  - Ingestion points: `scripts/ocr.py` (image_file) and `scripts/ocr_url.py` (image_url).
  - Boundary markers: Absent. The extracted text is written directly to the output file without any delimiters or 'ignore instructions' headers.
  - Capability inventory: The skill writes to local files (`open(output_path, 'w')`) and performs network requests via `requests.get`.
  - Sanitization: None. The script does not validate or sanitize the OCR output before saving it for the agent's consumption.
- [External Downloads] (MEDIUM): `scripts/ocr_url.py` uses the `requests` library to download images from arbitrary, untrusted URLs provided at runtime.
- [Privilege Escalation] (LOW/INFO): The `SKILL.md` file instructs users to use `sudo apt-get install` or `sudo yum install` for system dependencies. While standard for installation, it highlights the requirement for elevated privileges to set up the environment.
Recommendations
- AI detected serious security threats
Audit Metadata