pdf-ocr-skill

Warn

Audited by Gen Agent Trust Hub on Jun 7, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/pdf_ocr_processor.py uses subprocess.check_call to execute shell commands for package installation. While the package names are hardcoded, this allows the skill to modify the system's Python environment at runtime.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to dynamically download and install Python packages (such as rapidocr_onnxruntime, paddleocr, and rapid-doc) from the public PyPI registry if they are not detected on the system during execution.
  • [DATA_EXFILTRATION]: When using the SiliconFlow OCR engine, the skill transmits document image data to an external cloud service (api.siliconflow.cn). This is the intended functionality for cloud-based recognition but involves sending potentially sensitive file content to a third-party API.
  • [PROMPT_INJECTION]: The skill ingests untrusted text data extracted from PDFs and images. Because this data is returned to the agent's context without sanitization or boundary delimiters, it creates a risk of indirect prompt injection where instructions embedded in a scanned document could hijack the agent's behavior.
  • Ingestion points: scripts/pdf_ocr_processor.py (via ocr_pdf and ocr_image_file methods) reads content from PDF and image files provided to the agent.
  • Boundary markers: The SiliconFlowOCREngine uses a prompt to request text output, but the resulting content is merged into the agent's context without specific "ignore instructions" delimiters.
  • Capability inventory: The script performs file reads, network POST requests, and subprocess shell execution.
  • Sanitization: While the RapidDocEngine performs basic regex cleaning to remove markdown formatting, no generic sanitization is applied to the raw text output across all engines.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 7, 2026, 09:00 AM
Security Audit — agent-trust-hub — pdf-ocr-skill