venue-templates
Pass
Audited by Gen Agent Trust Hub on Apr 12, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The scripts scripts/validate_format.py and scripts/generate_schematic.py use the subprocess module to run external commands. These calls invoke standard PDF utilities (pdfinfo, pdffonts) for format validation and run the skill's own internal scripts. The commands are passed as argument lists rather than through a shell, which avoids shell injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The script scripts/generate_schematic_ai.py performs network requests to the OpenRouter API (https://openrouter.ai/api/v1) to generate scientific diagrams. This is a functional requirement for the skill's diagram generation feature and targets a well-known service provider.
- [DATA_EXFILTRATION]: User-provided diagram descriptions are transmitted to the OpenRouter API. This behavior is consistent with the skill's primary purpose and uses standard API integration practices.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted user input for template customization and AI-powered diagram generation.
  - Ingestion points: User input is ingested via command-line arguments and interactive prompts in scripts/customize_template.py and scripts/generate_schematic_ai.py.
  - Boundary markers: The generate_schematic_ai.py script uses instructional templates to delineate user input, while customize_template.py performs direct string replacement in LaTeX templates.
  - Capability inventory: The skill can write local files and perform network requests to external APIs.
  - Sanitization: No input validation or sanitization is performed on user-provided strings before they are used in LaTeX templates or AI prompts.
Audit Metadata