mineru-pdf-parser

Pass

Audited by Gen Agent Trust Hub on Jul 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/mineru_parse.py uses os.system() to install dependencies (uv, mineru) and download models. These calls use hardcoded strings and require the user to explicitly pass the --install flag.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the mineru and uv packages from the Python Package Index (PyPI), which is a well-known package registry.
  • [PROMPT_INJECTION]: The skill identifies as an attack surface for indirect prompt injection (Category 8) as it processes potentially untrusted external data.
  • Ingestion points: External PDF files are ingested through the mineru.parse() method in scripts/mineru_parse.py.
  • Boundary markers: The output Markdown does not use explicit delimiters or instructions to ignore embedded commands from the source PDF.
  • Capability inventory: The skill possesses capabilities for file system writes (saving results) and shell command execution (via the install function).
  • Sanitization: No content validation or sanitization is performed on the text extracted from the PDF before it is interpolated into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 3, 2026, 06:13 AM
Security Audit — agent-trust-hub — mineru-pdf-parser