venue-templates
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The Python scripts
generate_schematic.pyandvalidate_format.pyuse thesubprocess.run()function to invoke internal Python scripts and standard PDF diagnostic utilities (pdfinfo,pdffonts). These calls are implemented securely using argument lists without shell expansion, which prevents arbitrary command injection. - [SAFE]: The skill consists primarily of legitimate LaTeX document templates, bibliography style files (.bst), and educational markdown guides for academic publication standards. The instructions and scripts align with the skill's stated purpose and follow best practices for document automation.
- [DATA_EXPOSURE]: The diagram generation component manages API credentials by retrieving
OPENROUTER_API_KEYfrom the system environment or local.envfiles. This follows standard and safe secret management patterns for development tools and does not constitute credential harvesting.
Audit Metadata