mineru
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits local document content to the MinerU API (mineru.net) for processing. This is the primary function of the skill and requires a user-provided API token.
- [EXTERNAL_DOWNLOADS]: The skill downloads processed archives containing Markdown and image files from the MinerU service infrastructure.
- [COMMAND_EXECUTION]: The skill includes several Python scripts (e.g., mineru_v2.py, mineru_api.py) that perform file system reading and writing operations alongside network requests.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection from the documents it processes.
- Ingestion points: Document files provided through the --file or --dir arguments in scripts like mineru_v2.py.
- Boundary markers: The skill does not implement delimiters or ignore-instructions warnings to isolate parsed document content from system prompts.
- Capability inventory: The skill possesses capabilities for local file system access (read/write) and network operations (requests/aiohttp).
- Sanitization: Extracted text and metadata are provided to the agent without any sanitization or validation of the content against malicious instructions.
Audit Metadata