Skills
skills/iflytek/ifly-skills/iflytek-ocr-invoice/Gen Agent Trust Hub

iflytek-ocr-invoice

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements its logic in scripts/invoice.py using only the Python standard library. It does not install or require any external third-party dependencies.
  • [SAFE]: Network activity is limited to sending image data to the official iFlytek API endpoint (api.xf-yun.com) for structured data extraction. This is the intended and documented behavior of the skill.
  • [SAFE]: The skill follows security best practices by requiring sensitive credentials (App ID, API Key, and API Secret) to be provided through environment variables rather than hardcoding them in the source code.
  • [SAFE]: Analysis of the instructions and script content revealed no signs of prompt injection, obfuscation, persistence mechanisms, or unauthorized privilege escalation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 03:29 AM
Security Audit — agent-trust-hub — iflytek-ocr-invoice