Security Audit
dkyazzentwatwa/chatgpt-skills:ocr-document-processor
github.com/dkyazzentwatwa/chatgpt-skills
Trust Assessment
dkyazzentwatwa/chatgpt-skills:ocr-document-processor received a trust score of 50/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 7 findings: 0 critical, 1 high, 5 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Excessive File System Access and Data Exfiltration Risk, Unpinned or Loosely Pinned Dependencies.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Dependency Graph layer scored lowest at 65/100, indicating areas for improvement.
Last analyzed on February 24, 2026 (commit d4bad335). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Excessive File System Access and Data Exfiltration Risk. The skill allows reading from and writing to arbitrary file paths provided by the user without validation or sandboxing. An attacker controlling input arguments like 'source' (in `OCRProcessor.__init__`), 'output_path' (in `export_*` methods), 'input_dir', or 'output_dir' (in `batch_ocr`) could read sensitive files (e.g., '/etc/passwd'), overwrite critical system files, or write malicious content to arbitrary locations on the filesystem where the agent has write permissions. This poses a significant data exfiltration and system integrity risk. Remediation: implement strict path validation and sandboxing, and restrict file operations to a designated, isolated directory. For agent environments, ensure that the agent's execution context limits the skill's filesystem access to only necessary, temporary directories. If arbitrary paths are required, implement an allowlist or robust sanitization to prevent directory traversal and access to sensitive system files. For output paths, consider returning content directly or using a temporary file service rather than writing to arbitrary locations. | Static | scripts/ocr_processor.py:60 |
| MEDIUM | Unpinned Python dependency version. Requirement 'pytesseract>=0.3.10' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | ocr-document-processor/scripts/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version. Requirement 'Pillow>=10.0.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | ocr-document-processor/scripts/requirements.txt:2 |
| MEDIUM | Unpinned Python dependency version. Requirement 'PyMuPDF>=1.23.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | ocr-document-processor/scripts/requirements.txt:3 |
| MEDIUM | Unpinned Python dependency version. Requirement 'opencv-python>=4.8.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | ocr-document-processor/scripts/requirements.txt:4 |
| MEDIUM | Unpinned Python dependency version. Requirement 'numpy>=1.24.0' is not pinned to an exact version. Pin Python dependencies with '==<exact version>'. | Dependencies | ocr-document-processor/scripts/requirements.txt:5 |
| INFO | Unpinned or Loosely Pinned Dependencies. The `requirements.txt` file uses minimum version specifiers ('>=') for all dependencies instead of exact versions ('=='). While this allows for easier updates, it introduces a minor supply chain risk as new, potentially vulnerable, versions of dependencies could be installed without explicit review. For production environments, pinning to exact versions or using a lock file is generally recommended to ensure build reproducibility and prevent unexpected dependency changes. Remediation: pin dependencies to exact versions (e.g., `package==1.2.3`) or use a dependency lock file (e.g., `Pipfile.lock`, `poetry.lock`) to ensure reproducible builds and mitigate risks from unexpected updates to transitive dependencies. | Static | scripts/requirements.txt:1 |
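The HIGH finding above recommends confining file operations to a designated directory. The following is an added example of such a containment check, not code from the ocr-document-processor skill or from SkillShield. It assumes the skill passes its `source`, `output_path`, `input_dir` and `output_dir` arguments straight to `open()`, as the finding describes; the names `resolve_under`, `safe_read_bytes`, `safe_write_bytes` and `PathEscapeError` are hypothetical, and the sandbox scenario in `demo()` is constructed for the example.

```python
"""Path containment for user-supplied file arguments.

Added example, not code from the ocr-document-processor skill. It assumes the
skill takes raw `source`, `output_path`, `input_dir` and `output_dir` strings and
passes them straight to open(); `resolve_under`, `safe_read_bytes`,
`safe_write_bytes` and `PathEscapeError` are hypothetical names introduced here.
"""
import os
import tempfile
from pathlib import Path


class PathEscapeError(ValueError):
    """The requested path would land outside the sandbox directory."""


def resolve_under(base: Path, user_path: str) -> Path:
    """Map `user_path` onto `base` and refuse anything that ends up outside it.

    `base / "/etc/passwd"` is just `/etc/passwd`, so absolute inputs hit the same
    containment check as `..` traversal. resolve() follows symlinks in every
    component that exists (a not-yet-created output file still resolves), so a
    link inside the sandbox that points outside it is rejected as well.
    """
    base = base.resolve()
    candidate = (base / user_path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathEscapeError(f"{user_path!r} resolves to {candidate}, outside {base}") from None
    return candidate


def unsafe_read_bytes(user_path: str) -> bytes:
    """The pattern the finding describes: the argument goes straight to open()."""
    with open(user_path, "rb") as fh:
        return fh.read()


def safe_read_bytes(base: Path, user_path: str) -> bytes:
    """Hardened replacement: only paths that resolve inside `base` are opened."""
    with open(resolve_under(base, user_path), "rb") as fh:
        return fh.read()


def safe_write_bytes(base: Path, user_path: str, data: bytes) -> Path:
    """Write only inside `base`. O_NOFOLLOW makes the open fail if a symlink is
    dropped at the final component between resolve() and os.open(), the race
    that a path check alone cannot close."""
    target = resolve_under(base, user_path)
    target.parent.mkdir(parents=True, exist_ok=True)
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def demo() -> dict:
    """Constructed scenario: a sandbox with one real scan and a symlink that escapes it."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        sandbox = Path(tmp) / "sandbox"
        sandbox.mkdir()
        (sandbox / "scan.png").write_bytes(b"\x89PNG not a real image")
        secret = Path(tmp) / "secret.txt"
        secret.write_text("credentials the agent must not see")
        (sandbox / "link.png").symlink_to(secret)  # looks like an image, reads the secret

        # The unsafe version happily returns the secret through the symlink.
        results["unsafe_symlink"] = unsafe_read_bytes(str(sandbox / "link.png")).startswith(b"credentials")
        results["plain"] = resolve_under(sandbox, "scan.png").name
        probes = {
            "traversal": "../secret.txt",
            "absolute": str(secret),
            "nested": "sub/../../secret.txt",  # traversal through a directory that does not exist
            "symlink": "link.png",
        }
        for label, probe in probes.items():
            try:
                resolve_under(sandbox, probe)
                results[label] = "allowed"
            except PathEscapeError:
                results[label] = "rejected"
        out = safe_write_bytes(sandbox, "out/result.txt", b"ocr text")
        results["write_inside"] = out.parent.name == "out"
        results["roundtrip"] = safe_read_bytes(sandbox, "out/result.txt")
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>15}: {value}")
```

The check belongs at every entry point the finding lists, with `base` set to a per-run temporary directory rather than the agent's working directory. It does not replace an OS-level sandbox: a symlink planted in a parent directory between the check and `mkdir` is still a race, which is why the finding also asks that the execution context itself limit the skill's filesystem access.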
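The five MEDIUM findings and the INFO finding all come from the same `>=` specifiers in `requirements.txt`. As an added example (not SkillShield's scanner and not the skill's code), the checker below classifies each requirement the way those findings do: exact pin, exact pin with hash verification, loose range, or no specifier at all. `LOOSE_REQUIREMENTS` reproduces the five lines quoted in the report; `MIXED_REQUIREMENTS` is a constructed file in the recommended form with two remaining problems left in, and its `--hash` digest is a placeholder, not a real wheel hash. The function names are hypothetical.

```python
"""Flag loosely pinned requirements.txt entries.

Added example; not SkillShield's analyzer and not code from the skill. Uses only
the standard library. Function names are hypothetical; the hash digest in
MIXED_REQUIREMENTS is a placeholder.
"""
import re
from typing import List, NamedTuple, Optional


class PinReport(NamedTuple):
    name: str
    spec: str
    status: str   # "exact+hash", "exact", "loose", or "unpinned"
    reason: str


# PEP 508-style line: project name, optional [extras], then the specifier text.
_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9](?:[A-Za-z0-9._-]*[A-Za-z0-9])?)\s*(\[[^\]]*\])?\s*(?P<spec>.*)$"
)
# Exactly one ==/=== clause with a concrete version (no '*' wildcard, no second clause).
_EXACT_RE = re.compile(r"^===?\s*[A-Za-z0-9][A-Za-z0-9.+!_-]*$")


def _logical_lines(text: str):
    """Join backslash-continued lines; pip-compile writes each --hash on its own line."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf


def classify_requirement(logical_line: str) -> Optional[PinReport]:
    line = logical_line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None  # blank, comment, or a pip option such as -r / --index-url
    hashes = re.findall(r"--hash=\S+", line)
    line = re.sub(r"--hash=\S+", "", line)
    line = line.split(";", 1)[0].strip()  # drop an environment marker
    m = _REQ_RE.match(line)
    if not m:
        return PinReport(line, "", "unpinned", "could not parse requirement")
    name, spec = m.group("name"), m.group("spec").strip()
    if not spec:
        return PinReport(name, spec, "unpinned", "no specifier: pip installs whatever release is newest at install time")
    if _EXACT_RE.match(spec):
        if hashes:
            return PinReport(name, spec, "exact+hash", f"pinned and verified by {len(hashes)} hash(es)")
        return PinReport(name, spec, "exact", "pinned but not hash-verified; a re-uploaded artifact of the same version would still install")
    return PinReport(name, spec, "loose", f"'{spec}' lets pip choose any matching release, including a future compromised one")


def audit_requirements(text: str) -> List[PinReport]:
    return [r for r in (classify_requirement(l) for l in _logical_lines(text)) if r is not None]


def summarize(reports: List[PinReport]) -> dict:
    counts: dict = {}
    for r in reports:
        counts[r.status] = counts.get(r.status, 0) + 1
    return counts


# The skill's requirements.txt as quoted in the report above.
LOOSE_REQUIREMENTS = """\
pytesseract>=0.3.10
Pillow>=10.0.0
PyMuPDF>=1.23.0
opencv-python>=4.8.0
numpy>=1.24.0
"""

# Constructed: the recommended '==' form, one entry hash-verified (placeholder digest),
# one marker, one comment, plus two entries deliberately left loose/unpinned.
MIXED_REQUIREMENTS = """\
pytesseract==0.3.10
Pillow==10.0.0 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
PyMuPDF==1.23.0 ; python_version >= "3.8"
opencv-python==4.8.0  # exact pin, no hash
numpy>=1.24.0,<2
requests
"""


if __name__ == "__main__":
    for label, text in (("skill", LOOSE_REQUIREMENTS), ("mixed", MIXED_REQUIREMENTS)):
        print(f"== {label}: {summarize(audit_requirements(text))}")
        for r in audit_requirements(text):
            print(f"  {r.status:<10} {r.name:<15} {r.spec:<20} {r.reason}")
```

Exact pins alone only fix the direct dependencies named here; the transitive closure (numpy's and opencv's own requirements) still floats unless the file is generated by a resolver such as `pip-compile --generate-hashes` and installed with `pip install --require-hashes -r requirements.txt`, which is what the "exact+hash" status corresponds to.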
Full report: https://skillshield.io/report/e913dfbccc1956ab (powered by SkillShield)