self-review
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted external data.
  - Ingestion points: The skill reads external PDF and LaTeX source files provided as user arguments (paper.pdf or .tex files).
  - Boundary markers: Absent. The instructions in SKILL.md and the scripts do not employ delimiters or explicit instructions to the LLM to ignore potentially malicious embedded commands within the extracted paper text.
  - Capability inventory: The skill executes local Python scripts (extract_pdf_text.py and parse_pdf_sections.py) for text extraction and section parsing. It does not have built-in network exfiltration or file-write capabilities in the provided code.
  - Sanitization: Absent. Extracted content is passed directly into the review workflow without filtering or escaping.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill recommends installing standard, well-known Python libraries for PDF processing (pymupdf4llm, pymupdf, pypdf). These are legitimate dependencies required for the skill's primary function and do not originate from suspicious sources.
Audit Metadata