latex-paper-en
Pass
Audited by Gen Agent Trust Hub on May 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/compile.pyandscripts/check_format.pymodules usesubprocess.runto execute external binaries such aslatexmk,pdflatex,xelatex, andchktex. This is required for the skill's functionality but creates a vector for executing commands on the host system. - [COMMAND_EXECUTION]: The
scripts/compile.pyscript includes a--shell-escapeparameter. Enabling this flag allows the LaTeX compiler to execute arbitrary shell commands from within the.texsource file. While the script includes a warning for the user, this represents a significant security surface if the skill is used on untrusted LaTeX projects. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) as it is designed to ingest and analyze untrusted data from user-provided
.texand.typfiles. - Ingestion points: Multiple scripts, including
analyze_grammar.py,deai_check.py, andanalyze_logic.py, read and process the contents of user-provided LaTeX or Typst files. - Boundary markers: None identified in the prompt interpolation process.
- Capability inventory: Local command execution via
subprocess.runinscripts/compile.pyandscripts/check_format.py. - Sanitization: The scripts use regular expressions to extract visible prose, but the resulting content is passed back to the agent for interpretation without specific sanitization against instructions embedded in the document text.
- [EXTERNAL_DOWNLOADS]: The
scripts/online_bib_verify.pyscript fetches bibliographic metadata from external APIs, specifically api.crossref.org and api.semanticscholar.org. These are well-known academic services used for legitimate verification purposes.
Audit Metadata