venue-templates
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Detector flags: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The customize_template.py script provides a surface for indirect prompt injection through the manipulation of LaTeX commands (Category 8).
  - Ingestion points: User-supplied strings for paper titles, author names, and affiliations are accepted as command-line arguments or via interactive input.
  - Boundary markers: No boundary markers, delimiters, or warnings are used when these strings are interpolated into the .tex templates.
  - Capability inventory: The skill can write files to the local filesystem (scripts/customize_template.py) and execute system processes (scripts/validate_format.py).
  - Sanitization: The script performs direct regex-based replacement into the templates without escaping or validating the input. A malicious user could supply a string containing LaTeX commands (e.g., }\input{/etc/passwd}\author{) which, if the resulting document is compiled in a sensitive environment, could lead to local file inclusion or other side effects.
- [COMMAND_EXECUTION]: The validate_format.py script executes the pdfinfo and pdffonts CLI utilities using subprocess.run. Although the detector flagged these calls, the implementation follows safe practice by passing the arguments as a list rather than as a single shell string, so no shell parses the command line and standard shell-based command injection is mitigated. The list form neutralizes shell metacharacters; it does not validate the arguments themselves, which the tools still receive verbatim.
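The interpolation flaw described under PROMPT_INJECTION, shown next to a hardened version, as an added example that is not part of the Trust Hub audit or the venue-templates skill's own code. The stand-in template, its placeholder names (__TITLE__, __AUTHOR__), and the malicious author string are constructed for illustration; the skill's real templates and substitution patterns are not reproduced here. The example also includes a check that lists any control sequence the rendered document gained that the template did not already contain, which is the kind of assertion a reviewer can run against the script's output.

```python
import re

# Constructed stand-in for a venue .tex template (assumption: the real
# templates use different placeholders; these names are illustrative only).
TEMPLATE = r"""\documentclass{article}
\title{__TITLE__}
\author{__AUTHOR__}
\begin{document}\maketitle\end{document}
"""

# Constructed malicious author string of the shape the finding describes:
# it closes the \author{} argument, injects \input, then reopens \author{.
MALICIOUS_AUTHOR = r"Jane Doe}\input{/etc/passwd}\author{"

# LaTeX characters that carry meaning in an argument and their safe spellings.
_LATEX_SPECIALS = {
    "\\": r"\textbackslash{}",
    "{": r"\{",
    "}": r"\}",
    "$": r"\$",
    "&": r"\&",
    "%": r"\%",
    "#": r"\#",
    "_": r"\_",
    "^": r"\^{}",
    "~": r"\~{}",
}
_SPECIAL_RE = re.compile("|".join(re.escape(c) for c in _LATEX_SPECIALS))


def latex_escape(text: str) -> str:
    """Escape every special character in ONE pass, so the backslashes that
    escaping introduces are never themselves re-escaped."""
    return _SPECIAL_RE.sub(lambda m: _LATEX_SPECIALS[m.group(0)], text)


def customize_unsafe(template: str, title: str, author: str) -> str:
    """Direct regex substitution of raw input, as the finding describes.
    A callable replacement is used so re.sub does not process backslashes
    in the input as its own escape sequences; the injection still lands."""
    out = re.sub(r"__TITLE__", lambda m: title, template)
    out = re.sub(r"__AUTHOR__", lambda m: author, out)
    return out


def customize_safe(template: str, title: str, author: str) -> str:
    """Same substitution, but every user string is escaped first, so the
    input can only ever be text inside the argument it was meant for."""
    out = re.sub(r"__TITLE__", lambda m: latex_escape(title), template)
    out = re.sub(r"__AUTHOR__", lambda m: latex_escape(author), out)
    return out


# A control sequence is a backslash followed by letters (\input, \write, ...).
_CONTROL_SEQ = re.compile(r"\\[A-Za-z]+")
# The only letter-named control sequence latex_escape itself introduces.
_ESCAPE_SEQS = {r"\textbackslash"}


def injected_commands(template: str, rendered: str) -> list:
    """Return control sequences present in the rendered document that are
    neither in the template nor introduced by escaping. Empty means no
    user string managed to smuggle a command into the document."""
    allowed = set(_CONTROL_SEQ.findall(template)) | _ESCAPE_SEQS
    return sorted(set(_CONTROL_SEQ.findall(rendered)) - allowed)


if __name__ == "__main__":
    title = "A Study of 50% Coverage & Cost_Model"
    print("unsafe:", injected_commands(TEMPLATE, customize_unsafe(TEMPLATE, title, MALICIOUS_AUTHOR)))
    print("safe:  ", injected_commands(TEMPLATE, customize_safe(TEMPLATE, title, MALICIOUS_AUTHOR)))
```

Escaping at the ingestion point is the fix the finding calls for; restricting the compiler (for example running TeX with shell escape disabled) is defence in depth and does not replace it, because \input of readable files needs no shell escape.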
Audit Metadata