mineru-parser

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE (PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
  • [PROMPT_INJECTION]: The skill enables an AI agent to ingest content from external documents (PDFs, images, etc.) via URLs, which introduces a surface for indirect prompt injection attacks.
      • Ingestion points: File content retrieved from external URLs during the MinerU task submission phase in SKILL.md.
      • Boundary markers: The provided documentation and code snippets do not include explicit instructions or delimiters (like XML tags or markdown blocks) to warn the agent about potentially malicious instructions embedded within the parsed documents.
      • Capability inventory: The skill performs network requests (requests.post, requests.get) and writes files to the local system (zip_file.extractall).
      • Sanitization: No sanitization or filtering of the extracted markdown content is demonstrated or recommended in the provided logic.
  • [DATA_EXFILTRATION]: The skill transmits document URLs to the MinerU API (mineru.net). This is the core intended functionality. It follows security best practices for data handling by using the Authorization header for API tokens and providing clear guidance against hardcoding secrets, recommending environment variables instead.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 06:32 AM