mineru-extract
Warn
Audited by Snyk on Feb 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill explicitly accepts arbitrary public URLs (see SKILL.md "Parse URL(s) → Markdown", the --file-sources option of scripts/mineru_parse_documents.py, and the "source" arg of scripts/mineru_extract.py), sends them to MinerU, downloads the result zip, and extracts it, optionally emitting the Markdown/JSON to stdout. Untrusted, user-generated web content is therefore fetched and returned for the agent to read and act on, which allows indirect prompt injection.