Back to skill

Security audit

PDF OCR Using Gemini LLM

Security checks across malware telemetry and agentic risk

Overview

This skill does the stated OCR task and clearly discloses that PDF pages are uploaded to Google Gemini, but users should treat it as cloud processing for potentially sensitive documents.

Install only if you are comfortable sending the PDFs you process to Google Gemini using your Google API key. Avoid highly sensitive, regulated, or confidential documents unless that cloud-processing data flow matches your privacy and compliance requirements; use an isolated environment and consider pinning reviewed dependency versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill performs network access to Google Gemini and can write output to files, but it does not declare any permissions for those capabilities. This is a real security and governance issue because users and policy engines cannot accurately assess or constrain the skill's behavior, especially since the skill explicitly sends full PDF page content to an external API.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This service sends PDF page content to Google's Gemini OCR API (`ocr_pdf_page_async`) for processing, which constitutes external transmission of potentially sensitive document data. In an OCR skill, cloud processing may be expected, but without an explicit user-facing consent/notice mechanism or documented data-handling controls, users may unknowingly upload confidential PDFs to a third-party service.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.