paper-analyzer
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Path traversal vulnerability in scripts/generate_html.py. The script uses the process_images function to find image references in markdown and embed them as Base64 strings. It constructs the file path by joining the base directory with the image source (img_path = base_dir / src) without validating that the resolved path remains within the intended directory. A malicious markdown file could reference sensitive system files (e.g., ../../.ssh/id_rsa), leading to their contents being exposed in the generated HTML article.
- [EXTERNAL_DOWNLOADS]: Potential Zip Slip vulnerability in scripts/mineru_api.py. The script downloads ZIP archives from the MinerU API (mineru.net) and extracts them using zipfile.extractall(output_dir). This method does not prevent directory traversal if the ZIP file contains malicious filenames with relative paths (e.g., ../../target_file), which could be used to overwrite files outside of the output directory.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection through the ingestion of external data.
- Ingestion points: External PDF content is fetched and parsed via the MinerU Cloud API and local processing scripts.
- Boundary markers: The skill does not implement delimiters or specific instructions to the agent to treat the parsed paper content as untrusted.
- Capability inventory: The skill includes scripts with file system access (read/write) and network communication capabilities.
- Sanitization: No validation or sanitization is performed on the text extracted from the academic papers before it is passed to the language model for synthesis and article generation.
Audit Metadata