paper-2-web
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs users to clone code from an unverified repository (https://github.com/YuhangChen1/Paper2All.git) and download binaries from another untrusted GitHub user (https://github.com/oschwartz10612/poppler-windows).
- [COMMAND_EXECUTION] (HIGH): Installation steps require 'sudo apt-get install', which grants the installation process administrative privileges on the host system.
- [PROMPT_INJECTION] (LOW): This skill presents an indirect prompt injection surface (Category 8). Evidence: 1. Ingestion points: LaTeX source files and PDFs in the 'input/' directory. 2. Boundary markers: Absent; the system parses complex document structures without explicit sanitization or instructions to ignore embedded commands. 3. Capability inventory: The pipeline executes subprocesses (python, libreoffice, pdftoppm) and can perform network operations via the Google Search API. 4. Sanitization: Absent; the skill relies on LLMs to process raw content from papers, which may contain malicious instructions designed to hijack the session.
Recommendations
- AI detected serious security threats
Audit Metadata