NYC

latex-posters

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Tags: COMMAND_EXECUTION

Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The script executes external utilities like pdfinfo, pdffonts, and pdfimages to extract metadata from a PDF file. Evidence: Subprocess calls are properly quoted (e.g., at lines 48, 88, and 102), which prevents basic shell command injection.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The script accepts a user-provided file path and passes it to system utilities, creating a potential surface for indirect manipulation. 1. Ingestion point: File path input via $1 at line 20. 2. Boundary markers: None present. 3. Capability inventory: Reads file metadata using pdfinfo, pdffonts, and ls. 4. Sanitization: The script verifies file existence via the [ -f "$POSTER_FILE" ] check, but it does not sanitize for filenames starting with hyphens, which could lead to option injection (where a filename is interpreted as a command flag).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 05:55 PM