Skills
skills/fcakyon/claude-codex-settings/review-overleaf/Gen Agent Trust Hub

review-overleaf

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script overleaf_reviews.py and git diff to list projects and apply edits.
  • [CREDENTIALS_UNSAFE]: The skill reads a sensitive authentication cookie from ~/.claude/overleaf-skills/cookie to authenticate with Overleaf.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data (reviewer comments) from Overleaf and uses it to perform file edits. 1. Ingestion point: Overleaf comments fetched via API in Step 4. 2. Boundary markers: No delimiters or warnings are used to isolate comment text. 3. Capability inventory: The agent can perform file system Edit operations. 4. Sanitization: No sanitization is performed on the comment content before it influences the edit proposal.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 07:52 PM