PDF和图片文字提取

Security checks across malware telemetry and agentic risk

Overview

This skill reads user-provided images or PDFs to extract text, and the reviewed artifacts do not show hidden data access, exfiltration, persistence, or destructive behavior.

Install this if you want the agent to extract text from images or PDFs you provide. Do not use it on sensitive documents unless you are comfortable with the extracted text appearing in the chat or in a Markdown file when you ask it to save results.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The trigger condition is broad enough to overlap with ordinary conversation about images, PDFs, or document text, which can cause the skill to activate unexpectedly. In an agent environment, over-broad activation can lead to unnecessary file handling, unintended tool invocation, or processing of sensitive user documents when the user did not explicitly request OCR/extraction.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal