paper-analyzer

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly shows and allows passing the MinerU API token as a direct command-line argument (python scripts/mineru_api.py paper.pdf ./output YOUR_TOKEN), which encourages embedding secret values verbatim in generated commands/outputs and thus creates a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests arbitrary third‑party paper content via the MinerU Cloud API (scripts/mineru_api.py accepts pdf URLs or uploads and downloads parsed markdown/images) and optionally clones/browses GitHub repositories for code (styles/with-code.md), meaning untrusted external content is read and used to drive analysis and generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The scripts (scripts/mineru_api.py) call the MinerU Cloud API (https://mineru.net/api/v4) at runtime to upload PDFs and download parsed Markdown/images which are injected into the agent’s processing pipeline, so remote content from that URL can directly control the model input/context and is a required runtime dependency.