paper-2-web
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires cloning a repository from an untrusted GitHub account (YuhangChen1/Paper2All) and installing dependencies via pip install -r requirements.txt. Since this source is not within the defined trust scope, it poses a significant risk of supply chain attack.
- [COMMAND_EXECUTION] (HIGH): The installation guide explicitly instructs users to execute sudo apt-get install, which involves administrative privileges. Additionally, the skill's operation relies on executing local Python scripts (pipeline_all.py) that perform broad file system and network operations.
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: Processes untrusted external LaTeX and PDF files via the --input-dir and --paper_latex_root parameters.
  - Boundary markers: No evidence of delimiters or instructions to ignore embedded malicious prompts within the processed documents.
  - Capability inventory: The skill possesses file-write capabilities (output/ directory), network access (OpenAI, OpenRouter, Google APIs), and subprocess execution.
  - Sanitization: No sanitization or validation of input document content is described before processing by high-capability LLMs.
- [REMOTE_CODE_EXECUTION] (HIGH): By downloading a full repository and executing its scripts (pipeline_all.py), the skill effectively facilitates remote code execution from an untrusted source.
- [CREDENTIALS_UNSAFE] (LOW): The skill documentation guides users to store sensitive API keys (OPENAI_API_KEY, GOOGLE_API_KEY) in a .env file. While standard, this local plain-text storage is a risk if the environment is compromised.
Recommendations
- AI detected serious security threats