latex-posters
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The script extracts and prints metadata (page size, fonts, image details) from external PDF files without sanitization. A malicious PDF could contain instructions in its metadata (e.g., font names or document info) that are then echoed into the agent's context, potentially leading to agent subversion.
- Ingestion points: File content/metadata processed via
pdfinfo,pdffonts, andpdfimagesinreview_poster.sh. - Boundary markers: None. Extracted data is printed directly to the output.
- Capability inventory: The script performs read-only operations and subprocess calls to local utilities; it does not have network or write capabilities itself, but its output influences the agent.
- Sanitization: None. Metadata is printed as raw strings.
- [Command Execution] (LOW): The script executes local system binaries (
pdfinfo,pdffonts,pdfimages,ls,gs). While these are standard tools, they must be pre-installed on the host system (e.g., viapoppler-utils). - [Terminal Injection] (LOW): The script prints raw output from PDF tools. If a PDF contains ANSI escape sequences in its metadata, it could manipulate the terminal display of a human user.
Audit Metadata