manuscript-review

Fail

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The workflow defined in SKILL.md for Pass 12 explicitly directs the agent to compile LaTeX source files if a PDF version is not available. This instruction requires the agent to execute system shell commands and interact with local compilation tools.
  • [REMOTE_CODE_EXECUTION]: Directing an agent to compile untrusted LaTeX source code poses a high risk of code execution. Maliciously crafted LaTeX documents can utilize the shell escape feature (e.g., the \write18 command) to execute arbitrary scripts, which could lead to a complete system compromise depending on the environment permissions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests untrusted manuscript data (PDF, DOCX, LaTeX, Markdown) and processes it through a complex multi-pass audit without implementing boundary markers or instructions to ignore embedded commands within the manuscript content.
    • Ingestion points: User-uploaded manuscript files identified in Step 1 and processed throughout the 13 audit passes.
    • Boundary markers: The instructions lack defined delimiters or specific markers to isolate the manuscript text from the agent's internal instruction set.
    • Capability inventory: The skill allows the agent to read/write files and execute system commands for the purpose of document compilation.
    • Sanitization: No sanitization, filtering, or validation of the manuscript content is performed prior to analysis or compilation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 11, 2026, 10:49 AM