ml-paper-writing

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The templates/neurips2025/Makefile contains an upgrade target that uses curl to download a ZIP archive from media.neurips.cc and subsequently extracts it using unzip. This represents an unverifiable external dependency that is not on the trusted source list.
  • COMMAND_EXECUTION (LOW): The Makefile executes several shell commands (find, xargs, rm, pdflatex, bibtex) to manage build artifacts and compile documents. While these are standard build tools, they represent a capability surface that could be exploited if malicious inputs are provided.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection. LaTeX is a complex system that can execute arbitrary commands (e.g., via \write18) or include malicious packages.
      1. Ingestion points: LaTeX source files (.tex) in the templates directory.
      2. Boundary markers: Absent.
      3. Capability inventory: Subprocess execution of pdflatex and file system access via Makefile.
      4. Sanitization: Absent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 05:13 PM