caption-skill

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data from LaTeX files or pasted text and uses this to perform file-write operations. This creates a surface for indirect prompt injection attacks where instructions hidden in the data could influence the agent.
  • Ingestion points: The skill reads user-provided .tex files and pasted text descriptions in the 'Collect Context' step of the workflow.
  • Boundary markers: None identified. The skill defines no delimiters to separate data from instructions, and it does not instruct the agent to disregard directives embedded within the processed text.
  • Capability inventory: The skill uses the Write tool to modify the content of the target .tex file, specifically replacing content within \caption{} commands.
  • Sanitization: The workflow describes no input validation, escaping, or filtering of the content read from files or supplied by the user.
Audit Metadata

Risk Level: SAFE

Analyzed: Mar 16, 2026, 11:50 AM