latex-document

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses sudo to install system packages across multiple platforms (Debian, macOS, Fedora, Alpine, Arch) in scripts/install_deps.sh and setup.sh.
  • The script scripts/latex_diff.sh also attempts to run sudo apt-get install to install the latexdiff utility if it is missing.
  • There is extensive use of subprocess.run and subprocess.check_call throughout the Python scripts to execute shell commands for document compilation and dependency management.
  • [REMOTE_CODE_EXECUTION]: Several Python scripts (scripts/generate_chart.py, scripts/csv_to_latex.py, scripts/pdf_fill_form.py, etc.) contain a bootstrapping function _ensure_package that dynamically installs missing Python dependencies at runtime using pip install. These installations are unversioned and happen without explicit user confirmation.
  • scripts/mermaid_to_image.sh uses npx to download and execute the @mermaid-js/mermaid-cli package on demand.
  • scripts/pdf_fill_form.py performs monkeypatching on the pypdf library at runtime (DictionaryObject.get_inherited = patched_get_inherited), which is a form of dynamic code modification.
  • [EXTERNAL_DOWNLOADS]: The script scripts/plantuml_to_pdf.sh automatically downloads a JAR file from a GitHub repository if the local executable is not found.
  • scripts/fetch_bibtex.sh uses curl to fetch bibliography data from doi.org and arxiv.org based on user-provided identifiers.
  • [PROMPT_INJECTION]: The skill processes untrusted user-supplied data from CSV and JSON files (mail_merge.py, csv_to_latex.py) and interpolates it into LaTeX templates. While it includes escaping mechanisms, mail_merge.py has a function escape_latex_preserve_commands that explicitly allows content starting with a backslash to bypass escaping, creating a surface for indirect prompt injection or malicious LaTeX command injection.
  • The skill also processes PDF files for OCR and form filling, another vector for ingesting untrusted data that influences the agent's context.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 17, 2026, 06:24 PM