Geek-skills-mineru-pdf-parser
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/mineru_parse.pyutilizes theos.system()function to perform environment setup tasks, such as installing dependencies and downloading required models.\n - Evidence: Found
os.system("pip install uv && uv pip install -U 'mineru[all]'")andos.system("mineru-models-download")within theinstall_minerufunction inscripts/mineru_parse.py.\n- [EXTERNAL_DOWNLOADS]: The skill triggers the download of theminerupackage and associated large language models from public registries.\n - Evidence: Instructions in
SKILL.mdand automated calls inscripts/mineru_parse.pyinitiate downloads from PyPI and model hosting platforms.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it extracts text from untrusted PDF files which may contain adversarial instructions.\n - Ingestion points: External PDF data is processed via
mineru.parse(input_path)inscripts/mineru_parse.py.\n - Boundary markers: The skill lacks delimiters or explicit warnings to the agent to treat the extracted content as untrusted data.\n
- Capability inventory: The script possesses capabilities for shell command execution (
os.system) and file system manipulation.\n - Sanitization: There is no evidence of sanitization or filtering of the content extracted from PDF documents before output.
Audit Metadata