Skills
skills/wu-yc/labclaw/latex-posters/Gen Agent Trust Hub

latex-posters

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute LaTeX compilation commands and PDF utility programs.\n
  • Evidence: Use of pdflatex, bibtex, lualatex, and xelatex for document generation.\n
  • Evidence: Use of pdfinfo, pdffonts, and pdfimages for PDF inspection within the scripts/review_poster.sh script.\n- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install LaTeX packages using the TeX Live manager.\n
  • Evidence: Use of tlmgr install for packages beamerposter, tikzposter, and baposter, which are hosted on official TeX Live repositories.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its operational design.\n
  • Ingestion points: The skill is designed to convert untrusted external content, such as scientific papers, abstracts, and research summaries, into poster layouts (File: SKILL.md).\n
  • Boundary markers: None identified. The skill lacks explicit instructions or delimiters to isolate user-provided data from agent instructions.\n
  • Capability inventory: The skill has access to Bash, Write, Edit, and Read tools (File: SKILL.md).\n
  • Sanitization: None identified. No processes for filtering or validating the research content are mentioned before the agent processes it.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 04:32 AM