Back to skill

Security audit

Ocr Document

Security checks across malware telemetry and agentic risk

Overview

This OCR skill is coherent and disclosed, but users should understand that documents are sent to MinerU's cloud service for processing.

Install this only if you are comfortable installing the MinerU CLI and sending OCR input documents to MinerU's cloud service. Avoid highly sensitive documents unless MinerU's privacy terms meet your needs, and use the optional authenticated mode only intentionally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Natural-Language Policy Violations

Medium
Confidence
84% confidence
Finding
The skill includes a mandatory instruction that the agent MUST respond in the same language as the user, which attempts to override higher-level system or user preferences. Instruction-priority conflicts like this can cause policy interference, reduce operator control, and create opportunities for prompt manipulation when skills impose non-optional behavioral rules unrelated to the core OCR function.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.