venue-templates
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION] (MEDIUM): Path traversal vulnerability in `scripts/customize_template.py` via the `find_template` function. The function joins `assets_path` with a user-provided `template_name` using the `/` operator. In Python's `pathlib`, if the second operand is an absolute path (e.g., `/etc/passwd`), it overrides the previous path, allowing the script to read arbitrary files from the system.
- [DATA_EXFILTRATION] (MEDIUM): Arbitrary file write vulnerability in `scripts/customize_template.py` and `scripts/validate_format.py`. Both scripts accept user-provided output paths (`--output` and `--report`) without validation or sandboxing, enabling the agent to overwrite sensitive system files if prompted with a malicious path.
- [COMMAND_EXECUTION] (LOW): Potential argument injection in `scripts/validate_format.py`. The script passes user-controlled file paths directly to `subprocess.run` as arguments for `pdfinfo` and `pdffonts`. While shell injection is avoided by using a list, an attacker could provide paths starting with hyphens to inject flags into the underlying system commands.
- [PROMPT_INJECTION] (LOW): Indirect prompt injection surface in `scripts/customize_template.py`. The script interpolates unvalidated user input (title, authors, affiliations) directly into LaTeX templates. This could lead to malicious LaTeX code execution (e.g., using `\write18` if the LaTeX environment is misconfigured) or influence downstream LLM processing of the generated documents.
  - Ingestion points: Command-line arguments (`--title`, `--authors`, etc.) and interactive prompts in `scripts/customize_template.py`.
  - Boundary markers: None present; input is directly substituted into the template string.
  - Capability inventory: File system write access via `open().write()`.
  - Sanitization: None; the script uses raw `re.sub` for replacements without escaping special LaTeX or regex characters.
Audit Metadata