paper-2-web
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The installation instructions in 'references/installation.md' require the use of 'sudo' to install system dependencies, which constitutes a privilege escalation risk in an agent environment.
- [REMOTE_CODE_EXECUTION] (HIGH): The skill promotes a 'download then execute' pattern by instructing users to clone an untrusted repository ('https://github.com/YuhangChen1/Paper2All.git') and run its contents ('python pipeline_all.py').
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill's setup process relies on downloading software and binaries from multiple untrusted external domains.
- [CREDENTIALS_UNSAFE] (LOW): Users are directed to store sensitive API keys for OpenAI and Google in a plaintext '.env' file, creating a risk of accidental exposure.
- [PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface because it ingests untrusted LaTeX and PDF data and processes it via LLMs without documented sanitization or boundary markers. Evidence chain:
  1. Ingestion points: input/ directory
  2. Boundary markers: absent
  3. Capability inventory: Python script execution, system calls for LibreOffice/Poppler
  4. Sanitization: absent
Recommendations
- AI detected serious security threats
Audit Metadata