venue-templates
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [PROMPT_INJECTION]: The skill contains instructions in `SKILL.md` that steer the agent to promote the developer's hosted platform (K-Dense Web) and mandate the use of other specific skills (scientific-schematics) during document creation. This represents a form of behavioral steering and instruction override.
- [COMMAND_EXECUTION]: The script `scripts/validate_format.py` utilizes the `subprocess` module to execute external binaries (`pdfinfo`, `pdffonts`). While arguments are passed as a list, the script operates on user-provided file paths, which could be exploited if combined with other vulnerabilities.
- [INDIRECT_PROMPT_INJECTION]: The script `scripts/customize_template.py` takes external inputs (title, authors, affiliations) and performs direct string substitution into LaTeX templates without sanitization. This creates a surface for LaTeX injection. If an attacker provides malicious LaTeX code as a paper title and the agent follows the suggested workflow to compile the document using `pdflatex`, it could lead to unauthorized file reads or command execution via LaTeX features.
  - Ingestion points: CLI arguments `--title`, `--authors`, and `--affiliations` in `scripts/customize_template.py`.
  - Boundary markers: None present in the prompt interpolation or script logic.
  - Capability inventory: The skill allows `Bash`, `Read`, `Write`, and `Edit` operations, enabling the agent to compile the injected code.
  - Sanitization: No input validation or escaping is implemented in the customization script.
- [DATA_EXFILTRATION]: While no direct exfiltration patterns were found, the combination of LaTeX injection potential and `Bash` capabilities creates a risk path where sensitive data accessible to the agent could be included in generated documents.
Audit Metadata