mineru-extract
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads document processing results as ZIP files from the official MinerU API domain (mineru.net).
- [PROMPT_INJECTION]: Processes content from external URLs and documents, which represents an indirect prompt injection surface if the ingested data contains instructions targeting the agent.
- Ingestion points: scripts/mineru_extract.py, scripts/mineru_parse_documents.py (via URL input)
- Boundary markers: None implemented for the extracted Markdown content.
- Capability inventory: File write and network read capabilities are used to fetch and store document data.
- Sanitization: Implements content truncation via the --max-chars parameter.
Audit Metadata