backward-traceability

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM
Category: REMOTE_CODE_EXECUTION
Full Analysis
  • Dynamic Execution (MEDIUM): The reference file references/traceability-patterns.md provides an implementation pattern for the \num command using Python's eval() function. Although the logic is not present in the skill's executable script, the guidance encourages the agent to evaluate untrusted strings from external files, which is a significant security risk.
  • Indirect Prompt Injection (LOW): The skill is designed to ingest and process untrusted LaTeX files (paper/main.tex). If an agent follows the provided reference to evaluate formulas within these files, it creates an attack surface for code execution via malicious LaTeX content. Mandatory Evidence Chain:
    1. Ingestion points: paper/main.tex (via SKILL.md scripts).
    2. Boundary markers: Absent in the suggested implementation.
    3. Capability inventory: Documented logic suggests evaluating external strings using Python's eval.
    4. Sanitization: No sanitization or sandboxing is described in the reference implementation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 20, 2026, 05:23 AM