latex-document


Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on several local shell and Python scripts (e.g., compile_latex.sh, generate_chart.py, mermaid_to_image.sh) to perform core document processing tasks.
  • [COMMAND_EXECUTION]: The compilation workflow is designed to auto-install system packages such as texlive and poppler-utils if they are not present, a process that typically involves administrative (sudo) access.
  • [REMOTE_CODE_EXECUTION]: The inclusion of Jinja2 templating for mail merges and support for LuaLaTeX means that template logic and embedded code are executed at render time, so untrusted template or data input can drive code execution.
  • [EXTERNAL_DOWNLOADS]: The skill fetches citation data from the well-known doi.org service and downloads system utilities from official package repositories during setup.
  • [PROMPT_INJECTION]: Processing untrusted external data from PDFs, CSVs, and JSON files for interpolation into LaTeX templates presents a surface for indirect prompt injection.
  • Ingestion points: PDF documents, CSV/JSON data sources, and handwritten notes processed via OCR.
  • Boundary markers: No specific delimiters or "ignore" instructions are documented for the data ingestion workflows.
  • Capability inventory: The skill possesses extensive local execution capabilities, file system write access, and network connectivity (DOI fetch).
  • Sanitization: There is no explicit evidence of sanitization or validation of the extracted external content before it is processed by the templates.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 13, 2026, 11:31 AM
Security Audit — agent-trust-hub — latex-document