paddleocr-doc-parsing
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several Python scripts (`scripts/vl_caller.py`, `scripts/split_pdf.py`, `scripts/optimize_file.py`) using shell commands. These commands incorporate user-provided inputs such as file paths, URLs, and page ranges. If the agent platform or the agent itself does not properly escape these inputs, it could lead to arbitrary command injection.
- [DATA_EXFILTRATION]: The skill reads local files, encodes them as base64, and transmits the data to an external API endpoint defined by the `PADDLEOCR_DOC_PARSING_API_URL` environment variable. While the documentation points toward official services, a user could be manipulated into providing a malicious URL, allowing the skill to exfiltrate private document data to an attacker-controlled server.
- [PROMPT_INJECTION]: The skill extracts text and structure from untrusted external documents (PDFs and images) and injects it into the agent's context via the `text` and `markdown` fields. This creates an attack surface for indirect prompt injection, where a malicious document could contain instructions designed to hijack the agent's behavior once the results are processed. The skill lacks boundary markers or explicit instructions to treat the OCR output as untrusted content.
- [EXTERNAL_DOWNLOADS]: The skill uses the `httpx` library in `scripts/lib.py` to interact with external API endpoints and potentially fetch documents from arbitrary URLs provided by the user. While this is necessary for its stated purpose, it involves interaction with unverified remote sources.
Audit Metadata