academic-latex-pipeline
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted user data from Markdown files.
  - Ingestion points: Processes user-provided academic Markdown files (SourceDocument.md) and TeX files.
  - Boundary markers: Absent; the pipeline does not utilize delimiters or specific instructions to prevent the execution of malicious LaTeX macros embedded in the user content.
  - Capability inventory: The skill executes local system commands including pdflatex and bibtex, which can be leveraged for code execution if LaTeX's shell-escape features are enabled.
  - Sanitization: Absent; while the script performs regex-based transformations for formatting, it does not sanitize the input for dangerous LaTeX commands like \write18.
- [COMMAND_EXECUTION]: The skill automates document compilation by executing system-level commands such as pdflatex, bibtex, and fc-cache.
- [EXTERNAL_DOWNLOADS]: The skill fetches Noto Sans CJK KR fonts from Google's official GitHub repository to enable Korean language support in the generated PDFs.
- [CREDENTIALS_UNSAFE]: The skill's documentation describes using environment variables $GITHUB_TOKEN and $OVERLEAF_TOKEN for automated synchronization, which could lead to credential exposure if the environment is improperly configured or logs are leaked.
Audit Metadata