Geek-skills-mineru-pdf-parser

Warn

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/mineru_parse.py uses the os.system() function to execute shell commands for environment setup and model management.
  • Evidence: os.system("pip install uv && uv pip install -U 'mineru[all]'") and os.system("mineru-models-download") in scripts/mineru_parse.py.
  • [EXTERNAL_DOWNLOADS]: The skill triggers the download of external Python packages and large machine learning model weights at runtime.
  • Evidence: Setup instructions in SKILL.md and the install_mineru function in scripts/mineru_parse.py fetch assets from public registries and model hubs.
  • [DATA_EXPOSURE]: Documentation describes a configuration file ~/.mineru.json that stores an LLM API key, which could be exposed if the local environment is compromised.
  • Evidence: The references/api_reference.md file shows a configuration schema containing an api_key field for llm-aided-config.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external, untrusted PDF files and converts them into structured text for LLM consumption, creating a surface for injection attacks.
  • Ingestion points: The parse_single_pdf function in scripts/mineru_parse.py reads arbitrary PDF files.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between the tool's output and potentially malicious instructions embedded in the PDF.
  • Capability inventory: The skill environment includes file system write access and the ability to execute shell commands via the wrapper script.
  • Sanitization: There is no evidence of sanitization or safety filtering applied to the extracted PDF content before it is returned to the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jul 2, 2026, 07:34 AM
Security Audit — agent-trust-hub — Geek-skills-mineru-pdf-parser