latex-paper-en

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/compile.py and scripts/check_format.py modules use subprocess.run to execute external binaries such as latexmk, pdflatex, xelatex, and chktex. This is required for the skill's functionality but creates a vector for executing commands on the host system.
  • [COMMAND_EXECUTION]: The scripts/compile.py script includes a --shell-escape parameter. Enabling this flag allows the LaTeX compiler to execute arbitrary shell commands from within the .tex source file. While the script includes a warning for the user, this represents a significant security surface if the skill is used on untrusted LaTeX projects.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) as it is designed to ingest and analyze untrusted data from user-provided .tex and .typ files.
  • Ingestion points: Multiple scripts, including analyze_grammar.py, deai_check.py, and analyze_logic.py, read and process the contents of user-provided LaTeX or Typst files.
  • Boundary markers: None identified in the prompt interpolation process.
  • Capability inventory: Local command execution via subprocess.run in scripts/compile.py and scripts/check_format.py.
  • Sanitization: The scripts use regular expressions to extract visible prose, but the resulting content is passed back to the agent for interpretation without specific sanitization against instructions embedded in the document text.
  • [EXTERNAL_DOWNLOADS]: The scripts/online_bib_verify.py script fetches bibliographic metadata from external APIs, specifically api.crossref.org and api.semanticscholar.org. These are well-known academic services used for legitimate verification purposes.
Audit Metadata
Risk Level
SAFE
Analyzed
May 25, 2026, 11:03 AM
Security Audit — agent-trust-hub — latex-paper-en