pdf-generation

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The scripts/generate_pdf.py script executes the pandoc binary using subprocess.run with a list of arguments, which is a secure method that prevents shell injection.
  • [EXTERNAL_DOWNLOADS] (SAFE): The installation instructions direct the user to install well-known and trusted system dependencies via standard package managers like Homebrew and apt-get.
  • [PROMPT_INJECTION] (LOW): The skill possesses a surface for indirect prompt injection because it processes untrusted markdown content and renders it using the XeLaTeX engine without sanitizing LaTeX-specific macros (e.g., \input).
      1. Ingestion points: The input_file parameter in scripts/generate_pdf.py and scripts/fix_markdown.py.
      2. Boundary markers: No delimiters or warnings are used to distinguish between user content and instructions.
      3. Capability inventory: Ability to execute pandoc with xelatex, which can read local files.
      4. Sanitization: No escaping or validation is performed on the markdown content for LaTeX commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:07 PM