image-ocr
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill implementation uses legitimate Python libraries (pytesseract and Pillow) to provide its advertised OCR functionality.
- [EXTERNAL_DOWNLOADS]: The documentation provides instructions for installing the Tesseract OCR engine from official and well-known sources, including official GitHub repositories and standard Linux package registries.
- [COMMAND_EXECUTION]: The script executes the Tesseract binary via a wrapper library. Input parameters such as page segmentation mode and image resolution are strictly validated as integers by the argument parser, which prevents command injection through those flags.
- [PROMPT_INJECTION]: The skill acts as a surface for indirect prompt injection because it processes untrusted image data. Extracted text from an attacker-controlled image could contain instructions intended to influence the agent's subsequent behavior.
  - Ingestion points: The ocr_extract.py script reads image files from local paths provided as input.
  - Boundary markers: The skill does not use specific markers or delimiters to encapsulate extracted text in the agent's context.
  - Capability inventory: The script includes local file-write capabilities via the --save parameter.
  - Sanitization: Extracted text is returned to the user or saved to a file without validation or sanitization of its content.
Audit Metadata