latex-paper-conversion
Warn
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands such as pdflatex, bibtex, grep, and rg for document compilation and error analysis.
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to dynamically create and execute a Python script (convert_format.py) to perform content extraction and merging, which is a form of dynamic execution.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted LaTeX files provided by the user. 1. Ingestion points: User-supplied .tex files are parsed for content extraction. 2. Boundary markers: The skill does not provide instructions to ignore or delimit embedded commands within the source files. 3. Capability inventory: The agent can write files, generate/execute Python scripts, and run shell commands. 4. Sanitization: There is no requirement for the agent to sanitize or validate the LaTeX input before processing.
Audit Metadata