paper-2-web
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires cloning a repository from an untrusted third-party GitHub account (https://github.com/YuhangChen1/Paper2All.git).
- [REMOTE_CODE_EXECUTION]: The agent is instructed to run Python scripts directly from the cloned repository, which constitutes execution of unverified remote code.
- [COMMAND_EXECUTION]: The installation guide includes the use of sudo apt-get, allowing for administrative privilege escalation to install system software.
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to create and manage a .env file containing sensitive API keys for multiple LLM providers.
- [PROMPT_INJECTION]: The skill processes untrusted academic papers (LaTeX/PDF) through an LLM, creating a surface for indirect prompt injection.
  - Ingestion points: LaTeX and PDF files provided in the input-dir.
  - Boundary markers: None identified in the provided documentation.
  - Capability inventory: Includes the Bash tool, file system write access (Write, Edit), and network access via APIs.
  - Sanitization: No documented sanitization of extracted paper content before processing by LLMs.