posterskill-academic-posters
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones a core repository from GitHub (ethanweber/posterskill) and fetches paper sources from Overleaf.
- [COMMAND_EXECUTION]: Uses shell commands to clone repositories and manage the local environment.
- [EXTERNAL_DOWNLOADS]: Automatically downloads institutional logos from project websites using Playwright during the generation process.
- [PROMPT_INJECTION]: The skill ingests untrusted data from LaTeX files and external URLs which could serve as an attack surface for indirect prompt injection.
- Ingestion points: LaTeX source files in 'overleaf/' directory, reference PDFs, and conference/project URLs.
- Boundary markers: No specific delimiters or instruction-ignore markers are present in the documentation.
- Capability inventory: Shell command execution (git), file system modifications, and network operations via Playwright.
- Sanitization: No mention of input sanitization or validation of the ingested LaTeX or PDF content.
Audit Metadata