content-extract

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The script scripts/content_extract.py uses subprocess.run to execute a local Python script located at a hardcoded absolute path (/home/node/.openclaw/workspace/skills/mineru-extract/scripts/mineru_parse_documents.py). Since it uses a list for the command arguments and avoids shell=True, it is not vulnerable to standard shell injection.
  • [PROMPT_INJECTION] (LOW): Category 8: Indirect Prompt Injection surface identified.
      • Ingestion points: The skill ingests untrusted data from external URLs via the web_fetch tool and the mineru_parse_documents.py script wrapper.
      • Boundary markers: The SKILL.md defines a "Result Contract" JSON structure, but there are no explicit instructions or delimiters in the prompt logic to prevent the agent from following instructions embedded within the extracted Markdown content.
      • Capability inventory: The skill performs local script execution (subprocess.run) and interacts with external web services via URLs.
      • Sanitization: There is no evidence of URL scheme validation (e.g., restricting to http/https) or content sanitization to filter out potentially malicious instructions in the extracted text.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 09:33 PM