latex-format-adapter
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill possesses a significant attack surface for indirect prompt injection by design. It is instructed to parse external, untrusted documents to generate LaTeX code.
- Ingestion points: Processes external specification documents (PDF, .docx), images/screenshots, and user-provided text as described in the 'Input Sources' section of SKILL.md.
- Boundary markers (absent): There are no instructions for the agent to use delimiters or specific safety prompts to ignore instructions found within the processed external documents.
- Capability inventory: The skill has the capability to write and modify files on the local filesystem, specifically LaTeX source files (.tex), style files (.sty), and class files (.cls). Maliciously crafted LaTeX (e.g., using \write18 for shell commands) could lead to remote code execution if compiled with --shell-escape.
- Sanitization (absent): The workflow does not include a step for sanitizing or filtering input derived from external documents before interpolating it into the generated LaTeX code.
Audit Metadata