MinerU Document Extractor
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill specifies the installation of the mineru-open-api CLI tool via NPM or Go from official vendor repositories on GitHub.
- [COMMAND_EXECUTION]: The agent is directed to use the mineru-open-api command-line interface for document conversion, web crawling, and authentication tasks.
- [DATA_EXFILTRATION]: Features like crawl and flash-extract allow the tool to fetch and process content from remote URLs as part of its document extraction workflow.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection due to its core functionality of ingesting and parsing untrusted external documents and web content.
- Ingestion points: Processes local files such as PDFs and images, and crawls remote web pages.
- Boundary markers: No specific delimiters or instructions to treat output as untrusted data are defined in the skill body.
- Capability inventory: The skill uses the mineru-open-api tool for shell-based document processing.
- Sanitization: No explicit sanitization or filtering of the extracted content is mentioned in the provided instructions.
Audit Metadata