mineru
Fail
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions and metadata involve downloading and executing remote scripts by piping them directly from an external CDN into the system shell.
- Evidence: the command curl -fsSL https://cdn-mineru.openxlab.org.cn/open-api-cli/install.sh | sh, found in SKILL.md and CONTRIBUTING.md.
- Evidence: the command irm https://cdn-mineru.openxlab.org.cn/open-api-cli/install.ps1 | iex, found in SKILL.md for Windows environments.
- [COMMAND_EXECUTION]: The skill directs the agent to execute shell commands to interact with the mineru-open-api tool and to perform local operations such as hash calculation.
- Evidence: Usage of the mineru-open-api binary across all core commands defined in SKILL.md.
- Evidence: Use of system tools such as md5sum, md5, and cut for generating unique output directories.
- [PROMPT_INJECTION]: The skill exposes the agent to indirect prompt injection by processing data from external, potentially untrusted documents and web pages and converting them into Markdown for the agent.
- Ingestion points: Document extraction and web crawling via the mineru-open-api crawl, extract, and flash-extract commands in SKILL.md.
- Boundary markers: Absent. No instructions or delimiters are used to isolate the extracted content or to prevent the agent from obeying instructions embedded in the documents.
- Capability inventory: The agent has access to shell execution and file system operations.
- Sanitization: No content validation or escaping is applied to extracted data before it is returned to the agent's context.
Recommendations
- HIGH: Downloads and executes remote code from: https://cdn-mineru.openxlab.org.cn/open-api-cli/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata