paper-analyzer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted data from academic PDFs and processes it through the agent to generate articles.
  - Ingestion points: PDF content is uploaded to and parsed by the MinerU API, then read from the local file system in scripts/extract_paper_info.py.
  - Boundary markers: The skill does not implement explicit delimiters or instructions to ignore embedded commands within the extracted paper content.
  - Capability inventory: The skill possesses file writing capabilities and makes network calls to the MinerU API.
  - Sanitization: No sanitization of the extracted text is performed before it is used for article generation.
- [Data Exposure & Exfiltration] (SAFE): The skill handles an API token (MINERU_TOKEN) for the MinerU service via environment variables or CLI arguments. Documentation uses standard placeholders, and no sensitive local files (e.g., SSH keys) are targeted.
- [External Downloads] (SAFE): The skill downloads ZIP files containing extraction results from mineru.net. This is a transparent and necessary part of the skill's primary function.
- [Command Execution] (SAFE): Python scripts use standard libraries for file and network operations. No arbitrary command execution or shell injection vulnerabilities were identified.
Audit Metadata