latex-formatting
Pass
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to ingest and process untrusted LaTeX source files, which creates a potential surface for indirect prompt injection attacks.
  - Ingestion points: The skill reads user-provided `.tex` files (e.g., `paper/main.tex`) through the `check` and `fix` actions.
  - Boundary markers: There are no explicit instructions or delimiters mentioned in the skill definition to prevent the agent from following natural language instructions hidden in LaTeX comments or math environments.
  - Capability inventory: The skill has the capability to write to the file system (e.g., `main_fixed.tex`) and execute local Python scripts as defined in the `SKILL.md` instruction set.
  - Sanitization: The `clean_latex.py` script specifically removes zero-width characters (\u200b) and sanitizes special characters for LaTeX compilation safety, but it does not sanitize or filter the content for malicious LLM instructions.
Audit Metadata