ml-paper-writing
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The file templates/neurips2025/Makefile contains an upgrade target that downloads a ZIP from media.neurips.cc. Although this is the official NeurIPS domain, downloading and extracting remote files into the skill directory constitutes an external dependency risk.
- [Indirect Prompt Injection] (LOW): The skill is designed to compile LaTeX documents. Evidence: 1. Ingestion points: User-provided LaTeX files. 2. Boundary markers: Absent. 3. Capability inventory: pdflatex execution via Makefile. 4. Sanitization: Absent. LaTeX features such as shell escape (the pdflatex -shell-escape option) could be used for injection if not restricted.
- [Command Execution] (SAFE): The skill provides standard instructions for compiling LaTeX using pdflatex and bibtex. These commands are necessary for the skill's intended purpose and follow industry standards.