paddleocr-ui-test
Pass
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements UI testing functionality as described. It utilizes Playwright to automate browser interaction and capture visual/structural data from web pages.
- [SAFE]: External communication is restricted to the SiliconFlow API (api.siliconflow.cn) for OCR processing, which is consistent with the skill's stated purpose of using PaddleOCR.
- [SAFE]: Sensitive data, specifically API keys, are correctly handled through environment variables (PADDLEOCR_API_KEY and SILICONFLOW_API_KEY), avoiding hardcoded credentials.
- [SAFE]: Dependencies such as openai, playwright, and Pillow are reputable libraries sourced from standard package registries.
- [SAFE]: The skill contains an inherent surface for indirect prompt injection by processing content from external URLs, but this is a standard risk for browser-based tools and no malicious patterns were identified.
  - Ingestion points: scripts/ui_test.py (via Playwright page.goto).
  - Boundary markers: Absent in generated reports.
  - Capability inventory: Network access (API calls) and file system writes (results directory) in scripts/ui_test.py.
  - Sanitization: None performed on OCR-extracted text.
Audit Metadata