nsfc-budget

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Categories analyzed: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the xelatex system compiler using subprocess.run to transform LaTeX source into PDF documents. This operation is performed securely: the --shell-escape flag is not used, preventing the execution of arbitrary shell commands from within the LaTeX environment, and the working directory is restricted to a validated output folder.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted user-provided materials to generate document content.
      • Ingestion points: External text materials are loaded via init_budget_run.py and stored in budget_spec.json.
      • Boundary markers: None (direct interpolation into template sections).
      • Capability inventory: The agent can perform file system writes and execute the xelatex compiler via Python scripts.
      • Sanitization: Highly effective. The escape_latex_text function in render_budget_project.py explicitly escapes LaTeX control characters (%, &, $, #, _, {, }, ~, ^), which neuters any attempted LaTeX injection attacks from the input material.
  • [SAFE]: File system security is maintained through a dedicated runtime_utils.py module. The functions safe_rel_path and resolve_under perform rigorous checks (e.g., forbidding absolute paths and directory traversal segments like '..') to ensure all file operations remain confined to the user-designated workspace, preventing unauthorized access or accidental overwriting of system files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 06:41 PM