ppocrv5
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill extracts text from untrusted external sources (images, PDFs, and URLs), which creates a significant surface for indirect prompt injection. Malicious instructions embedded within a document could be executed by the agent after the OCR process.
  - Ingestion points: External data enters the agent context through the --file-url and --file-path arguments in scripts/ocr_caller.py.
  - Boundary markers: There are no specified delimiters or instructions to the agent to treat the OCR output as untrusted or to ignore any commands found within the extracted text.
  - Capability inventory: The skill has the capability to execute local scripts (ocr_caller.py, configure.py, smoke_test.py) and perform network requests to an external API endpoint.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the extracted text content before it is processed by the agent.
Audit Metadata