Skills
skills/lingzhi227/claude-research-skills/latex-formatting/Gen Agent Trust Hub

latex-formatting

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/latex_checker.py uses subprocess.run to programmatically call scripts/clean_latex.py when the --fix flag is enabled. Although it avoids using shell=True and uses a list for arguments, it invokes external script execution based on the user-provided .tex file path.
  • [DATA_EXFILTRATION]: The load_tex function in scripts/latex_checker.py implements a recursive file resolution mechanism for LaTeX \input{} directives. This implementation lacks path validation or sanitization, making it vulnerable to directory traversal attacks. An attacker could provide a malicious LaTeX file containing \input{../../.ssh/id_rsa} to trick the agent into reading and potentially exposing sensitive file contents through the checker's output or error messages.
  • Ingestion points: The load_tex function in scripts/latex_checker.py (line 45) reads file paths from LaTeX commands.
  • Boundary markers: Absent; the content of included files is merged directly into the processing buffer without delimiters.
  • Capability inventory: subprocess.run (line 254) in scripts/latex_checker.py and file-write operations in scripts/clean_latex.py (line 213).
  • Sanitization: Absent; the script does not check if the resolved path for \input remains within the project directory.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 07:28 AM