skill-ollama-deepseek-ocr-tool
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone the tool's source code from the author's official GitHub repository (github.com/dnvriend/ollama-deepseek-ocr-tool) and download the DeepSeek-OCR model via the Ollama CLI. These resources originate from the vendor's own infrastructure.
- [COMMAND_EXECUTION]: The skill uses various shell commands for environment setup and tool operation, including `git clone`, `uv tool install`, `ollama pull`, and the execution of the `ollama-deepseek-ocr-tool` CLI itself.
- [REMOTE_CODE_EXECUTION]: The installation instructions (`git clone` followed by `uv tool install .`) involve fetching and running code from a remote repository. This is a standard installation pattern for the author's own utility and does not involve untrusted third-party sources.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external image data through an LLM.
  - Ingestion points: Image files matching user-provided glob patterns in SKILL.md.
  - Boundary markers: The output markdown includes source file comments (`<!-- Source: ... -->`) and horizontal rules (`---`) to separate processed items.
  - Capability inventory: The CLI tool reads local images and writes the extracted text to a local markdown file.
  - Sanitization: No explicit sanitization or instructions to ignore embedded commands are documented for the OCR process.
- [SAFE]: The skill emphasizes local execution and privacy, ensuring no data is sent to cloud services. All external dependencies trace back to the author's verified environment, and no malicious obfuscation or exfiltration patterns are present.