mineru-pdf

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill executes an external binary via scripts/mineru_parse.sh. The command path can be overridden through the MINERU_CMD environment variable, and arbitrary arguments can be injected via MINERU_EXTRA_ARGS. Specifically, the script relies on unquoted word splitting to build the extra arguments (extra=( ${MINERU_EXTRA_ARGS} )), which is a known security risk for shell injection if an attacker can influence the environment.
  • [PROMPT_INJECTION] (HIGH): This skill presents a high-risk surface for Indirect Prompt Injection.
      • Ingestion points: The scripts/mineru_parse.sh script accepts arbitrary PDF files provided as the primary input.
      • Boundary markers: None are present. The skill produces raw Markdown and JSON data which is likely to be interpolated directly into an agent's context window.
      • Capability inventory: The skill has the capability to write to the local filesystem (mkdir -p) and execute external subprocesses (mineru).
      • Sanitization: There is no sanitization or filtering of the parsed content. Malicious instructions embedded in a PDF's text, layout metadata, or table structures will be passed directly to the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 08:04 AM