mineru-extract

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes content from arbitrary external URLs which presents a surface for indirect prompt injection attacks.
    1. Ingestion points: Content is fetched from user-provided URLs and extracted from ZIP files in scripts/mineru_extract.py and scripts/mineru_parse_documents.py.
    2. Boundary markers: No specific delimiters or warning instructions are used to wrap the output Markdown before it is returned to the agent.
    3. Capability inventory: The skill scripts do not have dangerous capabilities such as arbitrary command execution, network exfiltration of local files, or privilege escalation.
    4. Sanitization: No sanitization or filtering of the extracted Markdown text is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 10:15 PM