mineru-ocr
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, NO_CODE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill utilizes the command '/usr/bin/osascript -l JavaScript .claude/skills/mineru-ocr/scripts/convert.js' to execute its main logic. This allows for broad system-level interactions that cannot be fully verified without the script content.
- [NO_CODE] (MEDIUM): The script 'scripts/convert.js' is referenced as the primary executor but is not included in the skill files. This lack of transparency regarding the skill's code prevents a complete analysis of its network and file system behavior.
- [DATA_EXFILTRATION] (MEDIUM): The skill is designed to upload user-provided documents (including PDF, Word, and images) to 'https://mineru.net'. This represents a potential exposure of sensitive information to an external entity.
- [EXTERNAL_DOWNLOADS] (LOW): The skill interacts with the external MinerU API. While this is the intended purpose, it involves outbound network requests to a non-trusted domain.
- [PROMPT_INJECTION] (LOW): The skill presents an Indirect Prompt Injection surface by processing untrusted external documents.
  1. Ingestion points: Reads various document formats (PDF, DOCX, etc.) via the 'convert.js' script.
  2. Boundary markers: The documentation does not specify the use of delimiters or warnings to prevent the agent from executing instructions found within the processed text.
  3. Capability inventory: The skill has the ability to execute scripts and make network requests via 'osascript'.
  4. Sanitization: There is no evidence that the converted Markdown content is sanitized before being returned to the AI agent.