pdf-converter
Fail
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's documentation and troubleshooting section contain instructions for the agent to download and execute shell scripts from an external source using risky patterns such as
curl ... | shandirm ... | iex. Specifically, it points tohttps://cdn-mineru.openxlab.org.cn/open-api-cli/install.shand a corresponding.ps1file. This allows arbitrary code execution from a remote server managed by the Shanghai AI Lab. - [EXTERNAL_DOWNLOADS]: The skill is designed to transmit user-provided documents (PDFs, images, and Office files) to a remote API at
mineru.net. While the behavior is disclosed, it involves sending potentially sensitive data to an external third-party service. - [COMMAND_EXECUTION]: The skill functions by executing the
mineru-open-apicommand-line tool with various arguments, including file paths and URLs provided by the user. - [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection because it processes untrusted documents from local storage or remote URLs. If a processed document contains hidden malicious instructions, the agent might interpret them as valid commands. The skill lacks explicit boundary markers or sanitization logic to mitigate this risk.
Recommendations
- HIGH: Downloads and executes remote code from: https://cdn-mineru.openxlab.org.cn/open-api-cli/install.sh - DO NOT USE without thorough review
Audit Metadata