ocr
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as a data ingestion point by performing OCR on images and providing the text to the agent. This creates a surface for indirect prompt injection if an image contains hidden instructions intended to influence the agent's behavior.
  * Ingestion points: Image files and macOS clipboard content processed in scripts/cli.js.
  * Boundary markers: No delimiters or safety warnings are used when returning the extracted text.
  * Capability inventory: The skill utilizes execSync in scripts/clipboard.js for macOS system integration.
  * Sanitization: No text filtering or sanitization is performed on the OCR output.
- [COMMAND_EXECUTION]: The skill uses execSync in scripts/clipboard.js to run osascript commands for accessing image data on the macOS clipboard. These commands use hardcoded logic and internally managed temporary file paths.
- [EXTERNAL_DOWNLOADS]: The tesseract.js library typically downloads language-specific training data from its official remote repositories during initialization, which is the standard and expected operational behavior for this library.
Audit Metadata