mineru-pdf-converter

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/pdf_to_markdown.py utilizes the curl command with the -k (or --insecure) flag to download conversion results. This disables SSL/TLS certificate verification, rendering the download process vulnerable to Man-in-the-Middle (MitM) attacks where results could be intercepted or modified.
  • [COMMAND_EXECUTION]: The skill executes external system commands such as pdfinfo and curl through subprocess.run. Although it uses argument lists to prevent shell injection, the lack of sanitization on user-provided file paths could allow for argument injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill downloads and extracts ZIP archives using zipfile.extractall() without validating the target paths of the archive members. This pattern is historically linked to directory traversal (Zip Slip) vulnerabilities, which is particularly concerning given the unverified download channel.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by converting untrusted external PDF files into Markdown for consumption by the agent.
      • Ingestion points: scripts/pdf_to_markdown.py (downloads and extracts full.md from a remote API response).
      • Boundary markers: Absent; the converted Markdown is returned without delimiters or warnings to the agent to disregard instructions within the data.
      • Capability inventory: subprocess.run (executing system binaries) and file system write access.
      • Sanitization: Absent; the script does not filter or sanitize the extracted text for potentially malicious instructions before presenting it to the agent.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 30, 2026, 06:45 AM