ocr-recognition

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The wrapper script scripts/ocr.sh is vulnerable to shell command injection. It directly interpolates the input image filename (from the first script argument) into the $CMD string without sanitization. An attacker could provide a filename containing shell metacharacters (e.g., ;, &, |) to execute arbitrary commands on the system. Furthermore, the inline Python code in the same script is vulnerable to Python code injection via the same filename argument.
  • [EXTERNAL_DOWNLOADS]: The skill instructions and scripts perform external downloads of resources and dependencies. Specifically, scripts/ocr.sh uses wget to fetch Tesseract language models from GitHub. It also pulls the minidocks/tesseract Docker image from Docker Hub and recommends installing third-party Python packages such as paddleocr and paddlepaddle.
  • [DATA_EXFILTRATION]: The skill provides documentation and code examples for sending local data (such as captchas and screenshots) to external third-party services like chaojiying.net. This represents an intentional data exfiltration path for processing sensitive visual information on external infrastructure.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 23, 2026, 12:49 PM