receipt-ocr-sorter
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill performs its claimed functionality using local processing and does not exhibit any malicious behavior or safety violations.
- [EXTERNAL_DOWNLOADS]: The setup documentation references standard, well-known libraries and tools including
surya-ocr,torch,Pillow,jaconv, andffmpeg. These are established packages required for the OCR and image processing tasks described. - [COMMAND_EXECUTION]: The Python script (
receipt_sorter.py) uses standard library functions for file system management (shutil.move,Path.mkdir,Path.glob). No evidence of arbitrary or dangerous shell command execution was found. - [DATA_EXFILTRATION]: No network operations or data exfiltration patterns were detected. The script operates entirely on local file paths provided by the user during execution.
- [INDIRECT_PROMPT_INJECTION]: While the tool processes untrusted data (OCR text from receipts) to generate filenames and reports, it uses robust regex-based extraction and sanitization (the
slugifyfunction) to ensure the resulting strings are safe for file system operations. No exploitation path to the agent's core instructions was identified.
Audit Metadata