skills/yejinlei/pdf-ocr-skill/pdf-ocr/Gen Agent Trust Hub

pdf-ocr

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The file scripts/pdf_ocr_processor.py implements an install_dependency function that executes pip install using subprocess.check_call. This allows the skill to modify the local environment by installing packages like rapidocr_onnxruntime, pymupdf, and pillow during execution.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to https://api.siliconflow.cn for cloud-based OCR processing and initiates package downloads from the Python Package Index (PyPI).
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface due to processing untrusted document content.
      1. Ingestion points: pdf_path and image_path in scripts/pdf_ocr_processor.py.
      2. Boundary markers: No delimiters or 'ignore' instructions are used in the prompt sent to the OCR model.
      3. Capability inventory: The skill has access to subprocess execution and network requests.
      4. Sanitization: No validation or sanitization of the text extracted from external files is performed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 3, 2026, 06:54 AM