paddle-ocr
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/convert.jsusesapp.doShellScriptto execute Python scripts, constructing commands with quoted user arguments. - [DATA_EXFILTRATION]: The utility
scripts/lib.pysends Base64-encoded document data to a remote API URL defined in the user's environment configuration. This is the core functionality of the OCR tool. - [EXTERNAL_DOWNLOADS]: The
save_imagesfunction inscripts/convert.pymay download image files from remote URLs usingurllib.request.urlretrieveif image links are provided by the API. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted documents and returns their content to the agent.
- Ingestion points: Document files are processed in
scripts/convert.py. - Boundary markers: Absent; the skill does not use delimiters to separate OCR results from potential instructions.
- Capability inventory: The skill performs file system writes and network requests (scripts/convert.py, scripts/lib.py).
- Sanitization: Absent; OCR results are returned as raw Markdown without validation or filtering.
Audit Metadata