latex-table-generator

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill processes untrusted external content and uses it to generate file output without sanitization.
      • Ingestion points: The skill uses pdf-tools-read_pdf_pages and pdf-tools-search_pdf_content to extract data from external sources as described in SKILL.md.
      • Boundary markers: No delimiters or instructions are provided to help the agent distinguish between valid data and embedded instructions in the source documents.
      • Capability inventory: The skill utilizes filesystem-write_file to save the generated LaTeX code directly to the local filesystem.
      • Sanitization: There is no logic or instruction to sanitize or escape LaTeX special characters or dangerous commands like \write18 or \input. This could allow an attacker to craft a PDF that, when processed, results in a .tex file that executes arbitrary shell commands or exfiltrates data when the user attempts to compile it.
  • Data Exposure (MEDIUM): The combination of filesystem-list_directory and pdf-tools-read_pdf_pages provides broad access to the filesystem, which could be exploited via injection to read sensitive documents outside the intended scope.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 12:59 PM