paddleocr-doc-parsing

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md guide the agent to extract the PADDLEOCR_ACCESS_TOKEN directly from the user's chat messages if environment variables are missing. This encourages the practice of sharing sensitive credentials in conversation history.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests untrusted document content and presents the full extracted text to the agent without sanitization.
      • Ingestion points: scripts/vl_caller.py processes external files and URLs for OCR extraction.
      • Boundary markers: Absent. The extracted content is provided directly to the agent's context.
      • Capability inventory: The skill can perform network requests (scripts/lib.py) and file system operations (scripts/vl_caller.py, scripts/split_pdf.py).
      • Sanitization: No sanitization or filtering is performed on the text extracted from documents.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 22, 2026, 11:49 AM