paper-review
Fail
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: HIGH (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [Data Exposure] (HIGH): The skill's LaTeX support feature explicitly follows \input{} and \include{} commands. This creates a high-risk Local File Inclusion (LFI) vulnerability where an attacker can submit a paper designed to read sensitive files from the environment, such as ~/.ssh/id_rsa, ~/.aws/credentials, or /etc/passwd.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted PDF and LaTeX papers that may contain malicious instructions to subvert agent behavior. Evidence Chain:
  1. Ingestion points: Files provided via the /paper-review command.
  2. Boundary markers: Absent; there are no delimiters to separate paper content from system instructions.
  3. Capability inventory: The skill has file-read and file-write capabilities.
  4. Sanitization: No evidence of sanitizing input files for embedded instructions or dangerous LaTeX commands.
- [Metadata Analysis] (SAFE): The skill metadata and referenced conferences are informational and do not contain malicious patterns.

Files SKILL.md and review-criteria.md were missing, limiting the depth of the audit.
Recommendations
- AI detected serious security threats
Audit Metadata