skills/nebutra/mineru-skill/mineru/Gen Agent Trust Hub

mineru

Pass

Audited by Gen Agent Trust Hub on Jun 2, 2026

Risk Level: SAFE
Full Analysis
  • [DYNAMIC_EXECUTION]: The integration registry in scripts/sinks/__init__.py dynamically loads delivery submodules using importlib.import_module. This implementation is safe as it exclusively loads from a hardcoded list of supported integrations, preventing arbitrary code execution.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the official MinerU API endpoints (mineru.net) to process documents and communicates with several well-known services (such as Notion, Slack, and Microsoft Graph) to deliver the parsed results. All network activity is consistent with the skill's stated purpose.
  • [COMMAND_EXECUTION]: The skill performs local file operations and utilizes library calls for PDF splitting and offline parsing. These actions are restricted to processing the user's input files and do not include any unauthorized shell command execution or privilege escalation vectors.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 2, 2026, 04:39 PM
Security Audit — agent-trust-hub — mineru