pdf-processor

Fail

Audited by Snyk on Jun 30, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.80). The prompt shows an explicit plaintext password passed on the command line (e.g., --password 123456) which instructs embedding secrets verbatim in commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). 运行时会把外部 OCR API 返回的结构化文本(如 PaddleOCR 的 layoutParsingResults[].prunedResult.parsing_res_list[].block_content 或 MinerU 的 content 字段)解析为可读字符串并用于本地叠层/归档(scripts/pdf_ocr_paddle_api.py/scripts/pdf_ocr_mineru.pyscripts/pdf_ocr_layered.py/scripts/pdf_ocr_corrections.pygenerate_readable_text()),属于“外部 API/第三方服务返回的文本”这一类 outsider 输入。

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 30, 2026, 04:03 PM
Issues
2
Security Audit — snyk — pdf-processor