mineru

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and processes arbitrary public URLs (see scripts/mineru_api.py and other scripts' --url/--urls-file options, references/api_reference.md POST /extract/task, and README sections stating "PDF Input: Local files, URLs"), sending those remote documents to the MinerU API and parsing their contents as part of its runtime workflow, thus exposing the agent to untrusted third‑party content.