paper-2-web

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The installation guide explicitly instructs users to create a .env file containing the sensitive values OPENAI_API_KEY, OPENROUTER_API_KEY, and GOOGLE_API_KEY. While the values shown are placeholders (your_openai_api_key_here), storing plaintext secrets in the project root is a high-risk pattern for data exposure.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill directs users to clone an external repository (https://github.com/YuhangChen1/Paper2All.git) and download binaries from other third-party GitHub pages (e.g., oschwartz10612/poppler-windows). These sources are not within the defined trusted organizations.
  • COMMAND_EXECUTION (MEDIUM): The documentation contains instructions for executing system-level commands using sudo apt-get install, which grants elevated privileges to the installation process. It also encourages running a Python pipeline (pipeline_all.py) that likely executes various sub-processes for video and document manipulation.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 04:54 PM