mineru-ocr
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/convert.jsutilizes JXA'sapp.doShellScriptto execute system commands such ascurl,unzip,find, andcp. The script implements a quoting function to escape arguments, which mitigates the risk of command injection from external inputs like file names or API responses. - [EXTERNAL_DOWNLOADS]: The skill fetches document conversion results from
mineru.netin the form of ZIP archives and extracts them locally. This is a standard part of the document processing workflow described in the skill's purpose. - [DATA_EXFILTRATION]: User-provided document files are transmitted to the MinerU service (
https://mineru.net) for processing. This data transfer is documented and necessary for the primary function of the skill. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it processes untrusted content from external documents.
- Ingestion points: External files (PDF, DOCX, Images) are ingested and converted via
scripts/convert.js. - Boundary markers: Absent; the converted Markdown output is provided to the agent without specific delimiters or warnings to ignore embedded instructions.
- Capability inventory: The skill can execute shell commands, perform network operations, and write files to the system.
- Sanitization: There is no sanitization or filtering of the extracted text content before it is delivered to the agent context.
Audit Metadata