resume-latex-pdf-generator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to LaTeX injection.
  - Ingestion points: User experience data sourced from the ExperienceSelector component.
  - Boundary markers: The skill lacks explicit delimiters or instructions to treat interpolated data as literal text, instead replacing placeholders directly.
  - Capability inventory: Utilizes create_latex_file (filesystem write access) and compile_pdf (process execution environment).
  - Sanitization: Step 3 of the workflow escapes only five characters (&, %, $, #, _). It does not escape the backslash (\), which is the primary command prefix in LaTeX, enabling the injection of sensitive commands like \input{/etc/passwd} or \write18.
- [Command Execution] (LOW): The compile_pdf tool invokes a LaTeX engine. While manual shell commands are forbidden in the instructions, the execution context is vulnerable if the engine is not properly sandboxed on the server side.
Recommendations
- AI detected serious security threats