extract-tikz

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill interpolates the user-provided $ARGUMENTS variable directly into shell commands without quoting or validation.
    • Evidence: cd Figures/$ARGUMENTS (Step 1), ls Slides/$ARGUMENTS*.tex (Step 0), and ./scripts/sync_to_docs.sh $ARGUMENTS (Step 5).
    • Risk: This allows an attacker to execute arbitrary shell commands by including shell metacharacters in the argument string.
  • [PROMPT_INJECTION] (LOW): The skill reads and processes local LaTeX source files, creating an indirect prompt injection surface.
    • Ingestion points: Reads content from .tex files in Slides/ and Figures/ and checks .svg file content.
    • Boundary markers: None. No instructions are provided to the agent to ignore control sequences within these files.
    • Capability inventory: The skill can execute shell commands and compile LaTeX code.
    • Sanitization: None. File content is processed as-is.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 19, 2026, 07:51 AM