backward-traceability
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM COMMAND_EXECUTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The reference file `references/traceability-patterns.md` describes an implementation for evaluating `\num` commands using Python's `eval()` function on strings extracted from LaTeX documents. This pattern is inherently dangerous if the LaTeX input is untrusted, as it could allow an attacker to execute arbitrary Python code via a crafted formula.
- [Indirect Prompt Injection] (LOW): The skill processes user-provided LaTeX files, creating a surface for potential injection targeting the processing logic or the agent's interpretation of the document.
  - Ingestion points: `paper/main.tex` processed by `scripts/ref_numeric_values.py`.
  - Boundary markers: None (the script extracts all regex matches without specific delimiters or warnings for the agent to ignore content).
  - Capability inventory: File reading, JSON reporting, and suggested dynamic execution (via `eval`) in the reference documentation.
  - Sanitization: None (uses regex extraction without input validation or escaping).
Audit Metadata