reading-business-cards

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses local Python scripts (scripts/prep_cards.py and scripts/extract_cards.py) to process user-provided images. The scripts rely on well-known libraries such as OpenCV, NumPy, and PIL for image manipulation.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with the official Anthropic API (api.anthropic.com) to perform transcription. This is a well-known service and is necessary for the skill's primary function.
  • [CREDENTIALS_UNSAFE]: The script extract_cards.py manages API keys by reading from environment variables or local configuration files (/mnt/project/claude.env). This follows standard practices for secure secret management in development environments.
  • [PROMPT_INJECTION]: As the skill processes untrusted text from business card images, it is theoretically susceptible to indirect prompt injection. However, the skill includes a specialized system prompt (prompts/haiku_extract.md) with strict operational rules, examples, and boundary markers designed to enforce verbatim transcription and prevent the AI from following instructions embedded in the images.
  • Ingestion points: User-provided images are sliced into tiles and fed to the LLM.
  • Boundary markers: The skill uses a dedicated Markdown prompt file with <rules> and <process> sections to define behavior.
  • Capability inventory: The skill can perform network API calls and write results to a local CSV file.
  • Sanitization: The instructions explicitly forbid the AI from 'inventing' or completing data, requiring it to only transcribe legible characters.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 06:02 AM
Security Audit — agent-trust-hub — reading-business-cards