paddle-ocr

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/convert.js uses app.doShellScript to execute Python scripts, constructing commands with quoted user arguments.
  • [DATA_EXFILTRATION]: The utility scripts/lib.py sends Base64-encoded document data to a remote API URL defined in the user's environment configuration. This is the core functionality of the OCR tool.
  • [EXTERNAL_DOWNLOADS]: The save_images function in scripts/convert.py may download image files from remote URLs using urllib.request.urlretrieve if image links are provided by the API.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted documents and returns their content to the agent.
  • Ingestion points: Document files are processed in scripts/convert.py.
  • Boundary markers: Absent; the skill does not use delimiters to separate OCR results from potential instructions.
  • Capability inventory: The skill performs file system writes and network requests (scripts/convert.py, scripts/lib.py).
  • Sanitization: Absent; OCR results are returned as raw Markdown without validation or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 04:25 AM
Security Audit — agent-trust-hub — paddle-ocr