reading-business-cards
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses local Python scripts (
scripts/prep_cards.pyandscripts/extract_cards.py) to process user-provided images. The scripts rely on well-known libraries such as OpenCV, NumPy, and PIL for image manipulation. - [EXTERNAL_DOWNLOADS]: The skill communicates with the official Anthropic API (
api.anthropic.com) to perform transcription. This is a well-known service and is necessary for the skill's primary function. - [CREDENTIALS_UNSAFE]: The script
extract_cards.pymanages API keys by reading from environment variables or local configuration files (/mnt/project/claude.env). This follows standard practices for secure secret management in development environments. - [PROMPT_INJECTION]: As the skill processes untrusted text from business card images, it is theoretically susceptible to indirect prompt injection. However, the skill includes a specialized system prompt (
prompts/haiku_extract.md) with strict operational rules, examples, and boundary markers designed to enforce verbatim transcription and prevent the AI from following instructions embedded in the images. - Ingestion points: User-provided images are sliced into tiles and fed to the LLM.
- Boundary markers: The skill uses a dedicated Markdown prompt file with
<rules>and<process>sections to define behavior. - Capability inventory: The skill can perform network API calls and write results to a local CSV file.
- Sanitization: The instructions explicitly forbid the AI from 'inventing' or completing data, requiring it to only transcribe legible characters.
Audit Metadata