minimax-pdf
Warn
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: Multiple scripts within the skill, including `fill_inspect.py`, `fill_write.py`, `merge.py`, `reformat_parse.py`, `render_body.py`, `make.sh`, and `render_cover.js`, utilize `subprocess.check_call` or `spawnSync`. These functions are used to execute shell commands that modify the system environment by installing dependencies.
- [EXTERNAL_DOWNLOADS]: The skill performs several automated downloads from external services. It retrieves font stylesheets from Google Fonts and uses package managers to download `pypdf`, `reportlab`, `matplotlib`, and `playwright` from PyPI and NPM. Additionally, it downloads Chromium browser binaries via the Playwright install utility.
- [REMOTE_CODE_EXECUTION]: The skill features an automatic dependency installation mechanism that downloads and installs third-party code from public registries at runtime without user confirmation. This occurs during the initialization of several Python scripts and the execution of the Node.js cover renderer, which could lead to the execution of malicious code if a package in the supply chain were compromised.
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from Markdown, TXT, and PDF files.
  - Ingestion points: External document content is parsed in `reformat_parse.py` and rendered in `render_body.py`.
  - Boundary markers: There are no markers or instructions used to isolate processed data from the agent's instructions.
  - Capability inventory: The skill has the ability to execute shell commands and perform file operations.
  - Sanitization: The skill lacks comprehensive sanitization of input text, relying on basic regular expressions for Markdown-to-XML conversion before rendering content into the PDF.
Audit Metadata