latex-posters
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): Indirect Prompt Injection surface detected. The script extracts metadata from a user-provided PDF file and outputs it directly to the console.
  - Ingestion points: The script extracts metadata such as font names, image lists, and dimensions from a PDF file using `pdfinfo`, `pdffonts`, and `pdfimages` (file: scripts/review_poster.sh).
  - Boundary markers: Absent. The script prints the extracted metadata without using any delimiters or providing instructions to ignore potential commands within the data.
  - Capability inventory: The script performs local command execution (`pdfinfo`, `pdffonts`, `pdfimages`, `ls`, `awk`) and displays the results. If an AI agent parses this output, malicious strings in the PDF metadata could potentially influence the agent's behavior.
  - Sanitization: Absent. The script does not sanitize or validate the content of the PDF metadata before displaying it.
Audit Metadata