academic-ppt

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands to check the environment, install dependencies, and render Mermaid diagrams. (Evidence: SKILL.md Preamble, figure_patterns.md Mermaid Fallback).
  • [DYNAMIC_EXECUTION]: The skill generates Python scripts at runtime to create charts and diagrams, then executes them using subprocess.run. (Evidence: figure_patterns.md Parallel Execution).
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data that drives the generation of slide content and executable Python code.
      • Ingestion points: User-provided LaTeX and PDF files (SKILL.md Phase 1).
      • Boundary markers: Absent in the prompt interpolation logic.
      • Capability inventory: Ability to generate and execute Python scripts via subprocess (figure_patterns.md).
      • Sanitization: Employs an AST-based whitelist for Python imports to restrict scripts to specific libraries like matplotlib, seaborn, and numpy (figure_patterns.md Import Whitelist).
  • [EXTERNAL_DOWNLOADS]: The skill triggers the installation of several external Python and Node.js dependencies from public registries. (Evidence: README.md Dependencies).
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 4, 2026, 04:18 PM