paper-orchestra
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script "scripts/check_tex_packages.py" executes the local LaTeX compiler ("pdflatex") using "subprocess.run" to verify the presence of required formatting packages. This is a standard environment check to ensure compilation will succeed later in the pipeline.
- [COMMAND_EXECUTION]: The orchestrator instructions in "SKILL.md" direct the host agent to execute command-line tools such as "latexmk" for final document compilation, as well as the various provided validation scripts.
- [PROMPT_INJECTION]: The skill processes untrusted research materials which could contain malicious instructions designed to influence the paper generation process.
- Ingestion points: Reads "idea.md", "experimental_log.md", "template.tex", and "conference_guidelines.md" from the workspace as defined in "SKILL.md" and "references/io-contract.md".
- Boundary markers: Implements an "Anti-Leakage Prompt" (Appendix D.4) found in "references/anti-leakage-prompt.md" to restrict the model to the provided inputs only and prevent data leakage.
- Capability inventory: Includes subprocess execution for LaTeX environment checks ("scripts/check_tex_packages.py") and instructions for shell-based compilation ("SKILL.md").
- Sanitization: "scripts/validate_inputs.py" validates structural formatting such as headers and file existence, but does not perform semantic sanitization of text content for indirect injection.