Geek-skills-mineru-pdf-parser
Warn
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/mineru_parse.pyuses theos.system()function to execute shell commands for environment setup and model management. - Evidence:
os.system("pip install uv && uv pip install -U 'mineru[all]'")andos.system("mineru-models-download")inscripts/mineru_parse.py. - [EXTERNAL_DOWNLOADS]: The skill triggers the download of external Python packages and large machine learning model weights at runtime.
- Evidence: Setup instructions in
SKILL.mdand theinstall_minerufunction inscripts/mineru_parse.pyfetch assets from public registries and model hubs. - [DATA_EXPOSURE]: Documentation describes a configuration file
~/.mineru.jsonthat stores an LLM API key, which could be exposed if the local environment is compromised. - Evidence: The
references/api_reference.mdfile shows a configuration schema containing anapi_keyfield forllm-aided-config. - [INDIRECT_PROMPT_INJECTION]: The skill processes external, untrusted PDF files and converts them into structured text for LLM consumption, creating a surface for injection attacks.
- Ingestion points: The
parse_single_pdffunction inscripts/mineru_parse.pyreads arbitrary PDF files. - Boundary markers: No explicit delimiters or instructions are provided to the agent to distinguish between the tool's output and potentially malicious instructions embedded in the PDF.
- Capability inventory: The skill environment includes file system write access and the ability to execute shell commands via the wrapper script.
- Sanitization: There is no evidence of sanitization or safety filtering applied to the extracted PDF content before it is returned to the agent.
Audit Metadata