ifly-ocr-invoice
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or behaviors were detected. The skill performs its stated purpose of invoice recognition through the official vendor infrastructure.
- [COMMAND_EXECUTION]: The skill facilitates the execution of the local script scripts/invoice.py to handle image processing and API communication.
- [EXTERNAL_DOWNLOADS]: The skill makes network requests to https://api.xf-yun.com to send image data and receive structured OCR results. This is the official API endpoint for the service and aligns with the vendor's own documentation.
- [PROMPT_INJECTION]: The skill processes untrusted OCR text extracted from user-provided images, which serves as a potential surface for Indirect Prompt Injection.
  - Ingestion points: OCR text is extracted from the API response in scripts/invoice.py (line 126-130).
  - Boundary markers: The OCR result is printed to the terminal without specific delimiters to separate untrusted data from agent instructions.
  - Capability inventory: The skill can read local image files and perform authenticated POST requests to the iFlytek API.
  - Sanitization: No sanitization or filtering is applied to the extracted text before it is returned to the agent context.
Audit Metadata