latex-autofix

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data to perform automated actions without sufficient isolation.
      • Ingestion points: The skill reads user-provided .tex and .bib files, as well as compiler-generated .log files in Phase 2b and Phase 4.
      • Boundary markers: None are present. The agent processes file content and logs without using delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill has the ability to modify the filesystem via Write and Edit tools and execute code via Bash (LaTeX tools).
      • Sanitization: No sanitization or validation is applied to the log signatures or citation keys extracted from the files before they are used to trigger modifications or command executions.
  • [COMMAND_EXECUTION]: The skill executes shell commands and dynamically generates configuration files.
      • It programmatically creates a .latexmkrc file containing a Perl system() call to copy build artifacts.
      • It uses Bash with wildcards to execute LaTeX binaries such as latexmk, pdflatex, and biber. While these are standard tools, they are triggered automatically based on potentially untrusted input.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 07:17 PM