mineru-ocr

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs users to provide their MinerU Token to the AI (e.g., "帮我配置 MinerU，Token 是：xxx" and "新的 Token 是：xxx"), which requires the agent to receive and likely embed that secret verbatim into config files/commands, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts arbitrary remote document and webpage URLs (see SKILL.md "本地文件、远程文档 URL、网页 URL") and the runtime script (.claude/skills/mineru-ocr/scripts/convert.js, e.g., convertRemoteUrlWithTokenApi/convertRemoteUrlWithLightApi and downloadRemoteImages) fetches and ingests that external content and downloads referenced assets, so untrusted third‑party content can influence runtime actions.