academic-slides
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The script `scripts/compile.py` invokes the `typst` and `latexmk` binaries using `subprocess.run`. While the implementation follows best practices by using list-based arguments and avoiding `shell=True`, the execution of document compilation engines on content generated from untrusted sources presents a minor security boundary risk inherent to these tools.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through its paper conversion functionality.
  - Ingestion points: External data is ingested through the `from-paper` workflow as defined in `WORKFLOWS.md`, which processes content from academic papers.
  - Boundary markers: Absent. The provided documentation and resource files do not specify the use of delimiters or 'ignore' instructions for the ingested text.
  - Capability inventory: The skill possesses the ability to execute system commands (`typst`, `latexmk`) and perform recursive file system operations across the project root.
  - Sanitization: Absent. No sanitization logic for input text is present in the provided Python scripts or resource-based instructions.
Audit Metadata