overleaf
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a vulnerability surface for indirect prompt injection.
  - Ingestion points: The skill ingests untrusted data from remote Overleaf projects via the `olcli pull`, `olcli info`, and `olcli download` commands as defined in `SKILL.md`.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore instructions embedded within retrieved LaTeX source files.
  - Capability inventory: The agent has capabilities to write files to the local filesystem (`pull`, `download`), trigger remote compilations (`pdf`, `compile`), and perform network uploads (`push`, `upload`, `sync`) across its various scripts.
  - Sanitization: There is no evidence of sanitization or content validation performed on the retrieved LaTeX documents before they are introduced into the agent's context.
- [COMMAND_EXECUTION]: The skill provides a command-line utility `olcli` that allows the agent to execute various operations for project management and synchronization.
- [DATA_EXFILTRATION]: The skill transfers local LaTeX files and project-specific metadata to Overleaf's servers (overleaf.com) to facilitate project synchronization and remote compilation. This is the primary intended functionality of the tool.
- [SAFE]: The skill implementation follows standard patterns for authentication and configuration management. Session cookies are securely retrieved from environment variables, local auth files, or global configuration stores. Network requests are directed only to the Overleaf platform or user-configured self-hosted instances. No malicious code or hidden backdoors were identified during the analysis.
Audit Metadata