Fail
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill explicitly instructs the user or agent to run
curl -fsSL https://drop-sh.fullyjustified.net | shin bothroutes/latex.mdandscripts/setup.sh. This pattern downloads and executes unverified remote code directly in the shell, which is a high-risk vector for system compromise. - [EXTERNAL_DOWNLOADS]: The skill performs multiple unverified runtime downloads and installations of dependencies.
scripts/pdf.shexecutes globalnpminstallations forplaywrightand triggers the download of thechromiumbrowser, in addition to installingpikepdfandpdfplumberviapip. Furthermore,scripts/compile_latex.pyincludes logic to dynamically install thepypdflibrary usingpipif it is missing during execution. - [COMMAND_EXECUTION]: The skill uses Python's
subprocessmodule to execute system commands for its core functionality.scripts/cmd_convert.pyinvokessoffice(LibreOffice) for format conversion, whilescripts/compile_latex.pycalls thetectonicbinary for LaTeX processing.scripts/browser_helper.jsalso uses system calls to locate browsers and manage Node.js packages. - [DATA_EXFILTRATION]: In
scripts/html_to_pdf.js, the skill uses Playwright to render HTML files using thefile://protocol. This processing of potentially untrusted HTML data in a browser environment provides a surface for reading local files, which could lead to data exposure, although browser-level sandboxing remains a factor.
Recommendations
- HIGH: Downloads and executes remote code from: https://drop-sh.fullyjustified.net - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata