paper-2-web
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted external LaTeX and PDF documents to generate scripts, layouts, and interactive content. This creates a high surface for malicious instructions embedded in papers to override system behavior during LLM processing phases.
  - Ingestion points: LaTeX source files and PDF documents located in the input/ directory (references/paper2video.md, references/paper2web.md).
  - Boundary markers: Documentation provides no evidence of delimiters or instructions to ignore embedded commands in the source documents.
  - Capability inventory: The skill possesses extensive capabilities including file system writes (generating websites/videos), subprocess execution (pipeline_all.py, libreoffice, poppler), and potential network access (Google Search API).
  - Sanitization: No sanitization or validation of untrusted content is mentioned, allowing for potential data poisoning or downstream command manipulation.
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The installation instructions require cloning a repository from an untrusted GitHub account (YuhangChen1/Paper2All). Since this source is outside the trusted organizations list, the code executed at runtime (pipeline_all.py, pipeline_light.py) must be treated as unverified and potentially malicious.
- [Privilege Escalation] (MEDIUM): The documentation explicitly instructs the user to execute system-level commands with sudo (sudo apt-get install) to install dependencies, which could be exploited if the setup process or installation environment is compromised.
Recommendations
- AI detected serious security threats
Audit Metadata