pdf-converter
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's metadata specifies the installation of the
mineru-open-apipackage from public package registries (npm, uv, and Go). It also references the source repository atgithub.com/opendatalab/MinerU-Ecosystem. - [COMMAND_EXECUTION]: The skill utilizes the
mineru-open-apicommand-line interface to execute document extraction tasks on the host system. - [DATA_EXFILTRATION]: Documents provided by the user, including local files and remote URLs, are sent to the external service at
mineru.netfor OCR and layout analysis. This data flow is inherent to the skill's purpose but involves sending user content to a third-party domain. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from external documents and presents it to the agent for interpretation.
- Ingestion points: Document text and metadata extracted via the
mineru-open-apiCLI as described inSKILL.md. - Boundary markers: The instructions do not define delimiters or protective instructions to help the agent distinguish between its own objectives and potential instructions embedded in the processed documents.
- Capability inventory: The agent has the capability to execute shell commands (
mineru-open-api) and read their output. - Sanitization: No sanitization or filtering is applied to the extracted content before it is processed by the agent's reasoning engine.
Audit Metadata