ppocrv5

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [SAFE]: The skill follows security best practices for secret management by instructing the agent to use a configuration script (scripts/configure.py) to store tokens in a .env file rather than hardcoding credentials or passing them in cleartext commands.
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (scripts/ocr_caller.py, scripts/configure.py, and scripts/smoke_test.py) to perform its primary functions. These scripts are internal to the skill and their usage as documented is standard for providing tool functionality to an agent.
  • [PROMPT_INJECTION]: As an OCR tool, the skill is subject to indirect prompt injection risks (Category 8) where text inside processed images or PDFs could contain malicious instructions.
  • Ingestion points: User-provided image/PDF URLs and local file paths passed to the --file-url and --file-path arguments in SKILL.md.
  • Boundary markers: None identified in the skill instructions to separate OCR output from agent instructions.
  • Capability inventory: The skill has the capability to execute local Python scripts via shell commands as seen in the usage examples.
  • Sanitization: Not specified in the documentation; the skill relies on the underlying Python scripts for processing. Given this is a standard risk for OCR/parsing tools, it is noted but does not escalate the verdict from SAFE.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 08:03 AM
Security Audit — agent-trust-hub — ppocrv5