Skills
skills/huangwb8/chineseresearchlatex/make-latex-model/Gen Agent Trust Hub

make-latex-model

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of subprocess.run() to execute local binaries for LaTeX compilation (xelatex, bibtex), document conversion (soffice, osascript, qlmanage), and helper scripts.
  • Evidence in scripts/enhanced_optimize.py, scripts/generate_baseline.py, and scripts/core/validators/compilation_validator.py.
  • The skill implements a WorkspaceManager that resolves project paths and ensures they are located within the designated projects/ directory using Path.resolve() and relative_to(), which mitigates path traversal risks.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection because it reads text content from external PDF and LaTeX files and interpolates this data directly into prompts for the AI reasoner.
  • Ingestion points: scripts/analyze_pdf.py (extracts text from PDF) and scripts/extract_headings.py (extracts text from Word/LaTeX).
  • Boundary markers: None identified; the text is placed into templates in scripts/core/decision_reasoner.py without explicit delimiters or instructions to ignore embedded commands.
  • Capability inventory: High. The skill can modify configuration files and execute shell commands for compilation.
  • Sanitization: Not present for the ingested text.
  • While this is an attack surface, it is inherent to the tool's primary purpose of document analysis and is considered a low risk in this context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 01:05 PM
Security Audit — agent-trust-hub — make-latex-model