ppocrv5
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill follows security best practices for secret management by instructing the agent to use a configuration script (
scripts/configure.py) to store tokens in a.envfile rather than hardcoding credentials or passing them in cleartext commands. - [COMMAND_EXECUTION]: The skill executes local Python scripts (
scripts/ocr_caller.py,scripts/configure.py, andscripts/smoke_test.py) to perform its primary functions. These scripts are internal to the skill and their usage as documented is standard for providing tool functionality to an agent. - [PROMPT_INJECTION]: As an OCR tool, the skill is subject to indirect prompt injection risks (Category 8) where text inside processed images or PDFs could contain malicious instructions.
- Ingestion points: User-provided image/PDF URLs and local file paths passed to the
--file-urland--file-patharguments inSKILL.md. - Boundary markers: None identified in the skill instructions to separate OCR output from agent instructions.
- Capability inventory: The skill has the capability to execute local Python scripts via shell commands as seen in the usage examples.
- Sanitization: Not specified in the documentation; the skill relies on the underlying Python scripts for processing. Given this is a standard risk for OCR/parsing tools, it is noted but does not escalate the verdict from SAFE.
Audit Metadata