Security audit

TencentCloud GeneralAccurate OCR

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Tencent Cloud OCR skill, but users should understand that documents and resume contents may be sent to Tencent Cloud, and that the returned output may reproduce personal details verbatim.

Install only if you are comfortable using Tencent Cloud OCR for the documents you process. Avoid sending confidential, legal, ID, or resume data unless you have permission to do so; use a scoped Tencent Cloud key; and consider redacting or limiting personal fields before sharing outputs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Severity: Medium
Confidence: 93%
Finding
The trigger conditions are overly broad (for example, a phrase stating that the skill applies to any general OCR scenario), which can cause the skill to activate in contexts the user did not specifically intend. Over-triggering is dangerous here because the skill can send user-supplied images or PDFs to an external cloud service, increasing the chance of unintended data disclosure.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill description does not clearly warn that provided image URLs, PDFs, or embedded image content may be transmitted to Tencent Cloud OCR for processing. This is a meaningful privacy issue because users may submit resumes, legal files, or other sensitive documents without informed consent about third-party processing and possible cross-boundary data transfer.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
This reference describes processing resumes, which commonly contain highly sensitive personal data, without requiring an explicit warning, consent check, or privacy notice before extraction and display. In practice, this increases the risk of users or downstream agents handling PII without adequate awareness, minimization, or compliance controls.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The script accepts arbitrary image URLs or Base64 image/PDF content and transmits that user-provided data to Tencent Cloud OCR, but it does not present any explicit warning, consent gate, or privacy notice at execution time. This is dangerous because users may unknowingly send sensitive documents such as IDs, resumes, legal files, or internal PDFs to a third-party cloud service, creating privacy, compliance, and data residency risk.
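As an added illustration of the execution-time gate the three "Missing User Warnings" findings above say is absent (this is example code written for this audit page, not the skill's script and not a Tencent Cloud SDK call), the function below decides whether a user-supplied URL or Base64 payload may be forwarded at all: it refuses without an explicit consent flag, rejects non-http(s) schemes, verifies that inline payloads decode to a PNG, JPEG or PDF, and returns only a SHA-256 fingerprint for logging so the document itself never lands in transcripts. The names `gate_ocr_input`, `GateDecision` and `sniff_type` are hypothetical, the 7 MB cap is an illustrative assumption rather than a documented provider limit, and the sample payloads are constructed.

```python
import base64
import binascii
import hashlib
from dataclasses import dataclass
from urllib.parse import urlparse

# Magic bytes of the document types an OCR request would plausibly carry.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"%PDF-": "application/pdf",
}

# Illustrative size cap (assumption, not a documented Tencent Cloud limit).
MAX_PAYLOAD_BYTES = 7 * 1024 * 1024


@dataclass
class GateDecision:
    allowed: bool
    reason: str
    content_type: str = ""
    fingerprint: str = ""  # SHA-256 of the payload: log this, never the document itself


def sniff_type(data: bytes) -> str:
    """Return a MIME type from the leading bytes, or '' if the payload is not PNG/JPEG/PDF."""
    for magic, ctype in MAGIC.items():
        if data.startswith(magic):
            return ctype
    return ""


def gate_ocr_input(source: str, consent: bool) -> GateDecision:
    """Decide whether user-supplied input may be forwarded to the third-party OCR API.

    `source` is either an http(s) URL or a Base64-encoded image/PDF, the two input
    shapes the audited script accepts. Nothing is transmitted here; a caller sends
    the document only when `allowed` is True, and logs only `fingerprint`.
    """
    if not consent:
        return GateDecision(False, "no explicit consent to send this document to Tencent Cloud OCR")

    parsed = urlparse(source)
    if parsed.scheme in ("http", "https"):
        if not parsed.netloc:
            return GateDecision(False, "URL has no host")
        # The provider fetches the URL itself; the content type is unknown until then.
        return GateDecision(True, "remote URL accepted",
                            fingerprint=hashlib.sha256(source.encode()).hexdigest())
    if parsed.scheme:
        return GateDecision(False, f"unsupported URL scheme {parsed.scheme!r}")

    try:
        data = base64.b64decode(source, validate=True)
    except (binascii.Error, ValueError):
        return GateDecision(False, "payload is neither a URL nor valid Base64")
    if len(data) > MAX_PAYLOAD_BYTES:
        return GateDecision(False, f"payload exceeds {MAX_PAYLOAD_BYTES} bytes")
    ctype = sniff_type(data)
    if not ctype:
        return GateDecision(False, "payload is not a PNG, JPEG or PDF")
    return GateDecision(True, "inline document accepted", content_type=ctype,
                        fingerprint=hashlib.sha256(data).hexdigest())


# Constructed sample inputs (a fake PNG header and a plain-text blob, not real documents).
SAMPLE_PNG_B64 = base64.b64encode(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16).decode()
SAMPLE_TEXT_B64 = base64.b64encode(b"hello world").decode()

if __name__ == "__main__":
    cases = [
        ("https://example.com/resume.png", False),
        ("https://example.com/resume.png", True),
        (SAMPLE_PNG_B64, True),
        (SAMPLE_TEXT_B64, True),
        ("ftp://example.com/resume.png", True),
    ]
    for src, consent in cases:
        d = gate_ocr_input(src, consent)
        print(d.allowed, d.reason, d.content_type, d.fingerprint[:12])
```

The consent flag is meant to be set by an interactive prompt or a per-user policy, not hard-coded; the point is that the send path cannot be reached without it, and that the only thing written to logs is a hash.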

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The prompt repeatedly instructs the model to preserve and reproduce all resume text verbatim, which can force disclosure of sensitive personal and professional information far beyond what is necessary for most use cases. Because resumes often contain phone numbers, email addresses, birth dates, addresses, and employment history, this design materially increases privacy leakage in the final response.

Ssd 3

Severity: Medium
Confidence: 96%
Finding
The extraction template explicitly requests a broad set of personal identifiers and profile data from raw OCR text, including contact details, birth information, location, and online profiles. This creates a structured pipeline for surfacing sensitive data to the user or downstream systems, increasing the risk of over-collection and unnecessary exposure.

Ssd 3

Severity: Medium
Confidence: 98%
Finding
The prompt injects raw OCR text wholesale into the model context and instructs the model to output all information without reduction. This is dangerous because any sensitive or accidental content present in the OCR text will be propagated directly into model outputs, amplifying privacy exposure and making accidental disclosure much more likely.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The formatting template explicitly places unmasked personal identifiers such as name, phone, email, location, and profile links into user-visible Markdown output. In resume-processing contexts, that creates a direct path for exposing PII in chats, logs, transcripts, exports, or shared documents.

Ssd 3

Severity: Medium
Confidence: 95%
Finding
The repeated insistence on complete preservation of every detail reinforces an unsafe processing pattern: maximum disclosure rather than least-privilege handling of personal data. In the resume context, this increases the chance that sensitive details are exposed unnecessarily in outputs, logs, and downstream handling.
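The five findings above all describe the same design problem: the template extracts a broad set of identifiers and renders them unmasked into Markdown. As an added example of the least-privilege alternative (written for this audit page; it is not the skill's template or prompt), the code below keeps only the fields a given use case needs, masks links, e-mail addresses, ISO dates and phone numbers in every kept field unless the field is explicitly revealed, and then renders the same bullet-list Markdown shape. The function names `mask_text`, `minimize_record` and `render_markdown` are hypothetical, the digit threshold that keeps year ranges such as "2018-2021" unmasked is a tuning choice, and the sample record is constructed.

```python
import re

# Patterns for identifiers the audited template would otherwise print unmasked.
_PATTERNS = [
    (re.compile(r"https?://\S+"), "[link redacted]"),
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[email redacted]"),
    (re.compile(r"\b\d{4}-\d{2}-\d{2}\b"), "[date redacted]"),
]
# Deliberately broad phone pattern; _mask_phone() requires at least nine digits so
# that employment year ranges such as "2018-2021" (eight digits) survive.
_PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")


def _mask_phone(m: re.Match) -> str:
    digits = sum(ch.isdigit() for ch in m.group())
    return "[phone redacted]" if digits >= 9 else m.group()


def mask_text(text: str) -> str:
    """Replace links, e-mail addresses, ISO dates and phone numbers in free text."""
    for pattern, replacement in _PATTERNS:
        text = pattern.sub(replacement, text)
    return _PHONE.sub(_mask_phone, text)


def _mask_value(value):
    if isinstance(value, str):
        return mask_text(value)
    if isinstance(value, list):
        return [_mask_value(v) for v in value]
    return value


def minimize_record(record: dict, allowed: set, reveal: set = frozenset()) -> dict:
    """Keep only `allowed` fields; mask identifiers in every kept field not in `reveal`."""
    out = {}
    for key, value in record.items():
        if key not in allowed:
            continue
        out[key] = value if key in reveal else _mask_value(value)
    return out


def render_markdown(fields: dict) -> str:
    """Render minimized fields in the bullet-list Markdown shape the template uses."""
    lines = ["## Extracted resume fields (minimized)"]
    for key, value in fields.items():
        if isinstance(value, list):
            value = ", ".join(value)
        lines.append(f"- **{key}**: {value}")
    return "\n".join(lines)


# Constructed sample record in the shape the extraction template would populate (not real data).
SAMPLE_RECORD = {
    "name": "Jane Doe",
    "email": "jane.doe@example.com",
    "phone": "+86 138 0013 8000",
    "birth_date": "1990-05-12",
    "location": "Shenzhen",
    "profiles": ["https://github.com/janedoe"],
    "skills": ["Python", "Go"],
    "experience": "Backend engineer, Acme 2018-2021",
}

if __name__ == "__main__":
    # Screening use case: skills and history only, name revealed, contact fields dropped.
    screening = minimize_record(SAMPLE_RECORD, {"name", "skills", "experience"}, reveal={"name"})
    print(render_markdown(screening))
    # Raw OCR text takes the same masking before it is shown or quoted back.
    print(mask_text("Contact: jane.doe@example.com, +86 138 0013 8000, born 1990-05-12"))
```

The allow-list is the important part: a downstream agent that needs a skills summary never receives the phone or birth date at all, and a field that is needed (say, the e-mail address for a contact-lookup use case) has to be named in `reveal` rather than leaking by default.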

VirusTotal

VirusTotal findings are pending for this skill version.

Static analysis

No suspicious patterns detected.