image-parser
Pass
Audited by Gen Agent Trust Hub on Mar 23, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (
image_parser.py) to manage image files and interact with the SoMark API. This is the intended implementation for the skill. - [DATA_EXFILTRATION]: The skill transmits image data and the user's API key to the official vendor domain (
somark.tech). This is a standard and necessary operation for the OCR service provided by the vendor 'somarkai'. - [PROMPT_INJECTION]: As an OCR tool, the skill is susceptible to indirect prompt injection from text contained within images. This is mitigated by explicit instructions in the SKILL.md for the agent to treat all outputs as raw data and to ignore any instruction-like text discovered during parsing.
- Ingestion points:
image_parser.pyreads local image files provided by the user. - Boundary markers:
SKILL.mdprovides clear instructions to the AI to disregard embedded instructions. - Capability inventory: The skill allows for script execution, local file reads/writes, and network communication with the vendor API.
- Sanitization: Relies on logical separation of data and instructions within the agent's prompt context.
Audit Metadata