latex-paper-en
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of `subprocess.run` in multiple scripts (`compile.py`, `check_format.py`) to execute system binaries such as `pdflatex`, `xelatex`, `latexmk`, `bibtex`, `biber`, and `chktex`. These tools are necessary for its core functionality but provide a broad interface for interacting with the underlying operating system.
- [REMOTE_CODE_EXECUTION]: The compilation script (`scripts/compile.py`) supports an optional `--shell-escape` argument. In the LaTeX ecosystem, this flag enables the `\write18` command, allowing a document to execute arbitrary shell commands during the compilation process. If an agent is induced to compile a malicious LaTeX file with this flag enabled, it could lead to full system compromise. The script includes a warning message regarding this risk.
- [EXTERNAL_DOWNLOADS]: The bibliography verification module (`scripts/online_bib_verify.py`) connects to the CrossRef and Semantic Scholar APIs to validate paper metadata. While these are well-known and trusted academic services, they involve outbound network requests based on data found within user-provided bibliography files.
- [DATA_EXFILTRATION]: The skill transmits paper titles and DOIs to external APIs. While this is consistent with the tool's intended purpose for citation verification, it does involve sending data from the local environment to remote servers.
- [PROMPT_INJECTION]: The `SKILL.md` and several reference guides (`references/CITATION_VERIFICATION.md`, `references/DEAI_GUIDE.md`) contain detailed instructions that guide the AI's behavior. While these are mostly legitimate instructions for paper auditing, the high complexity of the rules and the processing of untrusted user documents create a surface for potential indirect prompt injection.