latex

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and analyze untrusted source material (markdown files, plain text, structured data) to generate LaTeX documents. This represents a surface for indirect prompt injection where malicious instructions embedded in the source data could influence the agent's behavior during the analysis phase.
  • Ingestion points: Reads source material, markdown files, and structured data via the Read tool.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when processing external input.
  • Capability inventory: The skill has access to Write and Bash tools for document creation and compilation.
  • Sanitization: The skill includes instructions to escape LaTeX special characters, but lacks sanitization or validation to prevent the execution of instructions hidden within the data.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute LaTeX compilers (pdflatex, xelatex, lualatex) and the latexmk utility. While these tools are restricted in the allowed-tools manifest, LaTeX engines can potentially be exploited to execute shell commands (e.g., via the \write18 macro) if not properly configured or if they process untrusted .tex input.
  • [PRIVILEGE_ESCALATION]: The skill's documentation mentions providing the user with commands involving sudo or brew for platform-specific LaTeX installation. Although the skill correctly mandates presenting these commands to the user for confirmation rather than auto-executing them, the promotion of privileged commands is a notable security surface.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 26, 2026, 10:48 AM