receipt-ocr-sorter

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill performs its claimed functionality using local processing and does not exhibit any malicious behavior or safety violations.
  • [EXTERNAL_DOWNLOADS]: The setup documentation references standard, well-known libraries and tools including surya-ocr, torch, Pillow, jaconv, and ffmpeg. These are established packages required for the OCR and image processing tasks described.
  • [COMMAND_EXECUTION]: The Python script (receipt_sorter.py) uses standard library functions for file system management (shutil.move, Path.mkdir, Path.glob). No evidence of arbitrary or dangerous shell command execution was found.
  • [DATA_EXFILTRATION]: No network operations or data exfiltration patterns were detected. The script operates entirely on local file paths provided by the user during execution.
  • [INDIRECT_PROMPT_INJECTION]: While the tool processes untrusted data (OCR text from receipts) to generate filenames and reports, it uses robust regex-based extraction and sanitization (the slugify function) to ensure the resulting strings are safe for file system operations. No exploitation path to the agent's core instructions was identified.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 06:41 PM
Security Audit — agent-trust-hub — receipt-ocr-sorter