Pdf Field Extractor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill's code matches the described PDF extraction purpose, but there are multiple coherence gaps (missing install/dependency declarations, omitted system binaries like Tesseract, and a hinted Feishu push with no credential/config guidance) that the user should resolve before trusting it.
The package's functionality (PDF text extraction, OCR, AI-based field parsing, Excel/JSON output) is coherent with its stated purpose, but several practical and security-relevant details are missing or ambiguous:
- Dependencies: the skill metadata declares none. Confirm and install the required Python packages (PyMuPDF/fitz, pdfplumber, Pillow, openpyxl, requests) and make sure the Tesseract OCR executable and its trained language data are installed on the host.
- Credentials: the code takes an AI API key either per call or from the OPENAI_API_KEY environment variable. Prefer a scoped, spend-limited key passed per call over a long-lived privileged key left in the environment, and check how the key reaches the agent (do not paste high-privilege keys into untrusted UIs).
- Feishu / external posting: the code builds Feishu message payloads but ships no sender implementation and declares no Feishu credentials. If you expect automated pushing to Feishu or other services, require explicit configuration and review any sending code before enabling it.
- Offline review: the skill includes executable Python modules, so read the code yourself or run it in an isolated environment (sandbox or VM) before using it on sensitive documents. Check the tests and run them locally.
- Missing install spec: ask the publisher for a clear install/dependency list, or supply your own packaging (venv with requirements.txt, plus system package instructions for tesseract) before deploying.
If you cannot verify or control these items, treat the skill as untrusted for processing sensitive documents. If you proceed anyway, run it on non-sensitive sample files first and limit the AI API key's privileges and cost exposure.
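The checks above can be scripted before the skill is ever pointed at a real document. The following preflight script is an added example, not code from the skill, its publisher, or the scanner: it verifies that the undeclared Python packages and the tesseract binary are present, warns when OPENAI_API_KEY or TESSDATA_PREFIX is unset, and greps the skill's source for hard-coded secrets and outbound send calls so that any Feishu pushing code gets a manual review. The package and binary names come from the review above; the secret/webhook regexes, the env-var handling, and the demo skill file are assumptions constructed for this example.

```python
"""Preflight checks for an agent skill that declares none of its dependencies.

Added example; the skill under review does not ship this. Regexes and the
constructed sample file below are assumptions, not facts about the skill.
"""
from __future__ import annotations

import importlib.util
import os
import re
import shutil
import tempfile
from pathlib import Path

# Import name -> PyPI name, taken from the review; the skill metadata lists none of these.
REQUIRED_MODULES = {
    "fitz": "PyMuPDF",
    "pdfplumber": "pdfplumber",
    "PIL": "Pillow",
    "openpyxl": "openpyxl",
    "requests": "requests",
}
REQUIRED_BINARIES = ("tesseract",)

# Heuristic patterns (assumptions): an OpenAI-style key and a Feishu custom-bot webhook URL.
SECRET_PATTERNS = {
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}"),
    "feishu_webhook": re.compile(r"open\.feishu\.cn/open-apis/bot/v2/hook/[A-Za-z0-9-]+"),
}
# Any outbound HTTP call is worth a look before automated pushing is enabled.
SEND_CALL = re.compile(r"\b(requests\.(post|put|get)|urlopen|httpx\.\w+)\s*\(")


def missing_modules(modules=REQUIRED_MODULES, finder=importlib.util.find_spec) -> list:
    """PyPI names of required modules that cannot be imported in this interpreter."""
    return sorted(pypi for mod, pypi in modules.items() if finder(mod) is None)


def missing_binaries(binaries=REQUIRED_BINARIES, which=shutil.which) -> list:
    """Required executables not found on PATH."""
    return [b for b in binaries if which(b) is None]


def scan_source(skill_dir: Path) -> dict:
    """Flag hard-coded secrets and outbound HTTP calls in the skill's .py files as file:line."""
    findings = {"secrets": [], "sends": []}
    for path in sorted(Path(skill_dir).rglob("*.py")):
        for lineno, line in enumerate(path.read_text(errors="replace").splitlines(), 1):
            for name, pattern in SECRET_PATTERNS.items():
                if pattern.search(line):
                    findings["secrets"].append(f"{path.name}:{lineno}:{name}")
            if SEND_CALL.search(line):
                findings["sends"].append(f"{path.name}:{lineno}")
    return findings


def preflight(skill_dir, env=None) -> dict:
    """Combine the dependency, credential and source checks into one report."""
    env = os.environ if env is None else env
    report = {
        "missing_modules": missing_modules(),
        "missing_binaries": missing_binaries(),
        "warnings": [],
    }
    report.update(scan_source(skill_dir))
    if "OPENAI_API_KEY" not in env:
        report["warnings"].append(
            "OPENAI_API_KEY not set: pass a scoped key per call, or set it only inside the sandbox")
    if not env.get("TESSDATA_PREFIX"):
        report["warnings"].append(
            "TESSDATA_PREFIX not set: confirm Tesseract trained data is installed before relying on OCR")
    # A hard-coded secret is a blocker; missing TESSDATA_PREFIX is only a warning.
    report["ok"] = not (report["missing_modules"] or report["missing_binaries"] or report["secrets"])
    return report


# Constructed sample skill file (not the real skill): a fake key and a Feishu webhook push.
CONSTRUCTED_SKILL_FILE = '''
import requests
API_KEY = "sk-EXAMPLE0000000000000000FAKE"   # constructed, not a real key
def push(payload):
    return requests.post("https://open.feishu.cn/open-apis/bot/v2/hook/abc-123", json=payload)
'''


def demo() -> dict:
    """Run preflight against the constructed sample with an empty environment."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "feishu.py").write_text(CONSTRUCTED_SKILL_FILE)
        return preflight(tmp, env={})


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it with the skill's unpacked directory in place of the temporary one; a non-empty `secrets` list or any `sends` entry means the code should be read before the skill is allowed to run with a real key, and `missing_binaries` containing `tesseract` means the OCR path will fail even if every Python package installs cleanly.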
SkillSpector
SkillSpector findings are pending for this release.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
