Skills
skills/bahayonghang/my-claude-code-settings/latex-document-skill/Gen Agent Trust Hub

latex-document-skill

Pass

Audited by Gen Agent Trust Hub on Apr 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several Bash scripts and Python's subprocess module to manage document processing workflows. This includes invoking LaTeX compilation engines (pdflatex, xelatex), PDF utilities (qpdf, poppler), and format converters (Pandoc).
  • [EXTERNAL_DOWNLOADS]: The skill downloads required system tools and libraries from official repositories via standard package managers. It also fetches BibTeX metadata from established academic services like doi.org and arxiv.org to support bibliography management.
  • [REMOTE_CODE_EXECUTION]: The mermaid_to_image.sh script uses npx to dynamically execute the @mermaid-js/mermaid-cli package from the npm registry. This is used solely for rendering Mermaid diagrams into images for document inclusion.
  • [PRIVILEGE_ESCALATION]: Installation scripts (e.g., install_deps.sh) use sudo to install system packages on Linux, which is a standard requirement for setting up the necessary TeX Live and Pandoc environments.
  • [PROMPT_INJECTION]: The skill is designed to process untrusted PDF and LaTeX content. The SKILL.md file contains specific rules for the agent to treat these inputs as untrusted and explicitly forbids the execution of embedded scripts, macros, or external links found within source documents.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 19, 2026, 02:49 PM