translate-to-quarto

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [Command Execution] (MEDIUM): The skill requires the Bash tool to perform rendering (Phase 6/9) and diagram extraction (Phase 0B). This allows the execution of system-level commands which could be manipulated if the input LaTeX source contains shell escape sequences or malicious commands interpreted by the agent.
  • [Dynamic Execution] (MEDIUM): The workflow involves generating Quarto (.qmd) files and loading RDS data. Quarto rendering typically executes embedded R or Python code. This dynamic code generation from external, potentially untrusted .tex sources creates a risk of code execution during the local rendering phase.
  • [Indirect Prompt Injection] (LOW): The skill reads and processes external data that could contain instructions intended to hijack the agent's behavior.
      • Ingestion points: Beamer .tex source files and RDS data files.
      • Boundary markers: No specific delimiters or 'ignore embedded instructions' warnings are implemented in the workflow.
      • Capability inventory: Bash, Read, Write, Edit, Grep, Glob, Task.
      • Sanitization: No sanitization or validation of the LaTeX source content is described before translation or rendering.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 19, 2026, 07:51 AM