thesis-compile-review

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE (flags: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow includes an instruction to compile the main TeX file ('编译 main.tex', i.e. 'compile main.tex'). This necessitates the execution of external LaTeX engines (such as xelatex or pdflatex) on the project files, which is a required step for its functionality.
  • [PROMPT_INJECTION]: The skill processes external TeX and BibTeX data, presenting a surface for indirect prompt injection. A maliciously crafted LaTeX document could theoretically contain instructions designed to influence the agent's review outputs or checklist updates.
  • Ingestion points: main.tex, references/*.bib, and project TeX files.
  • Boundary markers: No explicit delimiters are defined to isolate untrusted document content from the agent's instructions.
  • Capability inventory: File system access (read/write) and execution of LaTeX compilation processes.
  • Sanitization: The skill does not implement specific sanitization or filtering of LaTeX macros (e.g., restricted shell escape) before processing the source files.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 01:59 PM