sci-ppt

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute pdflatex, pdftoppm, and a secondary script from the Sh_Sci_Fig suite. While these are functional requirements for LaTeX rendering and figure extraction, executing shell commands based on user input (e.g., LaTeX code) is a potential security surface.
  • [EXTERNAL_DOWNLOADS]: The skill falls back to CodeCogs (latex.codecogs.com) for formula rendering and connects to LLM APIs (OpenAI, Anthropic, Moonshot). These are well-known technology services and are documented as part of normal operations.
  • [DATA_EXFILTRATION]: Academic content and extracted text from PDFs are transmitted to external AI providers (OpenAI, Anthropic, Moonshot) to facilitate summarization and translation.
  • [PROMPT_INJECTION]: The skill processes untrusted PDF data which is subsequently passed to LLMs, presenting an indirect prompt injection risk.
    1. Ingestion points: paper_workflow.py and pdf_extractor.py (PDF text extraction).
    2. Boundary markers: Not implemented; extracted text is directly interpolated into prompts.
    3. Capability inventory: File system access, shell command execution, and network requests.
    4. Sanitization: No sanitization of the extracted text is performed before prompt interpolation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 04:05 AM