legal-ocr
Warn
Audited by Snyk on Jun 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). 运行时会把“PaddleOCR / MinerU 服务端返回的 OCR 文本与 Markdown(resultUrl/jsonl_url/full_zip_url 解压后的 full.md 等)”作为可读文本写入并继续用于后处理与输出(如
paddle_ocr.py的parse_jsonl_markdown()、mineru_ocr.py的_download_zip_and_extract()读取full.md),这些文本属于非操作用户/非本地作者的外部来源。
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata