latex-thesis-zh

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: The skill includes a bibliography verification tool (online_bib_verify.py) that transmits paper titles and DOIs extracted from the user's BibTeX files to external APIs (api.crossref.org and api.semanticscholar.org). This is an intended feature for academic verification, and the services used are well-known technology providers in the scholarly domain.
  • [COMMAND_EXECUTION]: Several scripts (compile.py, check_format.py, check_references.py) use subprocess.run to execute standard LaTeX tools such as latexmk, xelatex, and chktex. These commands are constructed using argument lists rather than shell strings, which mitigates command injection risks. The compile.py script includes an optional --shell-escape flag; while this LaTeX feature can be dangerous if used on untrusted documents, the script includes explicit warnings and the capability is restricted by the platform's allowed-tools configuration.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests and parses user-provided LaTeX (.tex) and BibTeX (.bib) files to generate diagnostic reports. While this presents a theoretical attack surface for indirect prompt injection if a malicious document contains instructions intended for the LLM, the parser logic is designed to ignore LaTeX comments and specifically extract visible text for regex-based analysis, reducing the risk of accidental instruction following.
Audit Metadata
Risk Level: SAFE
Analyzed: May 14, 2026, 07:27 AM