PDF to Markdown - Extract Text, Tables, Formulas from PDF

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward PDF-to-Markdown skill that discloses its third-party MinerU processing, but users should avoid sending sensitive PDFs unless that is acceptable.

Install only if you are comfortable adding the mineru-open-api CLI and sending selected PDFs or PDF URLs to MinerU for online processing. Do not use it for confidential, regulated, or highly sensitive documents unless third-party processing is allowed.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 87% confidence
Finding: The skill's activation guidance uses very broad verbs like "read," "extract," "convert," "parse," "summarize," and "analyze" a PDF, which can cause the agent to invoke this external-processing skill for many ordinary document tasks without sufficiently specific user intent. Because the tool sends documents or URLs to a third-party API, overbroad triggering increases the chance of unintended data exfiltration or use on sensitive PDFs when a safer local or non-upload workflow would have been more appropriate.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal