transcribing-images
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script uses the subprocess module to run system binaries (libreoffice, pdftoppm, tesseract) for file conversion and OCR. Arguments are passed as lists, effectively preventing shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill documentation identifies dependencies on external system tools (LibreOffice, Poppler-utils, Tesseract OCR). These are well-known, legitimate software packages required for the skill's primary functionality.
- [DATA_EXFILTRATION]: Image data extracted from documents is transmitted to external vision model APIs (Anthropic and Gemini) via internal client scripts. This data flow is the intended purpose of the skill and is clearly documented.
- [SAFE]: Analysis of the Python script and Markdown documentation revealed no signs of obfuscation, hardcoded credentials, or persistence mechanisms. The skill relies on standard library modules and follows established cross-skill communication patterns within its target environment.
Audit Metadata