paper-compilation

Pass

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Prompt Injection (LOW): The skill is vulnerable to Indirect Prompt Injection. It processes untrusted LaTeX source files and explicitly directs the agent to read and fix resulting compilation errors. A malicious file could be crafted to produce error logs containing instructions that trick the agent.
    • Ingestion points: The scripts/compile_paper.py script reads the contents of user-provided .tex files and the .log files produced during compilation.
    • Boundary markers: None. Error messages and log snippets are printed to the agent's context without delimiters or security warnings.
    • Capability inventory: The skill has the ability to read and write files and execute subprocesses including pdflatex, bibtex, chktex, and a local Python fixing script.
    • Sanitization: There is no filtering or sanitization of the LaTeX logs before they are presented to the agent.
  • Command Execution (SAFE): External commands are executed using list-based arguments through subprocess.run, which prevents shell injection vulnerabilities.
  • External Downloads (LOW): SKILL.md contains instructions for installing LaTeX distributions via trusted package managers (APT and Homebrew). While these involve downloading external software, they are standard dependencies for the skill's functionality and target reputable sources.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 20, 2026, 05:23 AM