paper-to-code
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (LOW):
  - Ingestion points: The {paper_content} variable in references/paper-to-code-prompts.md ingests untrusted text from PDF files or external URLs.
  - Boundary markers: Absent. The prompts lack delimiters or instructions to ignore malicious directives embedded within the input papers.
  - Capability inventory: The skill workflow includes writing multiple Python scripts and a shell script (reproduce.sh), followed by automated execution attempts.
  - Sanitization: Absent. No validation or escaping is performed on the ingested paper content before it is processed by the LLM.
- Command Execution (MEDIUM): The 'Stage 4: Debugging' workflow in SKILL.md describes an automated 'Re-run until successful' process. This involves executing the generated reproduce.sh script and Python code. If the paper content contains adversarial instructions that lead to the generation of malicious code, the agent will execute that code during the debugging phase.
- External Downloads (LOW): The skill supports taking a 'paper URL' as input, which triggers the agent to fetch content from arbitrary, non-whitelisted external domains.
Audit Metadata