paper-audit
Warn
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `SKILL.md` file defines an orchestration step that executes `python "$SKILL_DIR/scripts/audit.py" $ARGUMENTS` via a bash shell. Additionally, `scripts/audit.py` uses `subprocess.run` to dynamically execute multiple Python scripts (e.g., `check_format.py`, `analyze_grammar.py`) based on the input file type and language.
- [REMOTE_CODE_EXECUTION]: The file `scripts/parsers.py` uses `importlib.util` to dynamically load and execute Python code from a computed path pointing to a sibling skill directory (`latex-paper-en/scripts/parsers.py`). This allows execution of code that is not contained within the audited skill's package.
- [PROMPT_INJECTION]: The skill processes untrusted user documents (PDF, TeX, Typst) and passes the extracted text as context to specialized LLM agents (Methodology, Domain, and Critical Reviewers). This creates a surface for indirect prompt injection where malicious instructions embedded in a paper could influence the agent's behavior.
  - Ingestion points: Document parsing in `scripts/audit.py` and `scripts/pdf_parser.py`.
  - Boundary markers: None identified in the provided agent definitions.
  - Capability inventory: Uses the `Task` tool to spawn sub-agents for review phases.
  - Sanitization: `PdfParser.clean_text` in `scripts/pdf_parser.py` performs structure cleaning but does not sanitize against prompt injection patterns.
- [EXTERNAL_DOWNLOADS]: The skill includes an optional `--online` flag that, when enabled, allows scripts to make network requests to external services like CrossRef or Semantic Scholar for bibliography verification.
Audit Metadata