latex-conference-template-organizer

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFE [COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
  • [COMMAND_EXECUTION]: Shell commands are used to manipulate user-supplied files. The loop while read f; do cp "$f" output/tables/; done lacks robust handling for filenames with special characters or newlines, potentially leading to unintended command behavior or errors if an attacker crafts a malicious archive.
  • [PROMPT_INJECTION]: The skill processes untrusted external data, creating an attack surface for indirect prompt injection.
      • Ingestion points: Processes content from user-uploaded .zip archives and fetches text from external URLs provided by the user (conference submission pages).
      • Boundary markers: No specific delimiters or "ignore instructions" directives are identified to prevent the agent from following instructions embedded within extracted LaTeX files or fetched web content.
      • Capability inventory: Includes file system access (read, write, delete), directory creation, archive extraction via unzip, and shell-based search operations via grep and find.
      • Sanitization: No evidence of sanitization is provided for filenames or the content extracted from the untrusted archives or remote URLs before they are processed by the agent.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 8, 2026, 06:11 AM