paper-2-web

Warn

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to download and run Python code from a third-party GitHub repository (https://github.com/YuhangChen1/Paper2All.git) which is not part of the verified vendor ecosystem. This involves executing unvetted scripts like pipeline_all.py on the host machine.
  • [COMMAND_EXECUTION]: Installation steps require the use of sudo for package management (libreoffice, poppler-utils), which modifies system configuration and represents a potential privilege escalation risk if exploited.
  • [EXTERNAL_DOWNLOADS]: The skill depends on fetching software and configuration from non-whitelisted external repositories for its core functionality.
  • [PROMPT_INJECTION]: The skill processes untrusted academic papers in PDF and LaTeX formats using LLMs, creating a surface for indirect prompt injection where instructions hidden in the paper could manipulate the agent's behavior.
      • Ingestion points: LaTeX source files and PDF documents located in the input/ directory.
      • Boundary markers: No delimiters or isolation instructions are present to prevent the LLM from executing instructions found within the papers.
      • Capability inventory: File system writing, command execution via Python, and external network communication through various APIs.
      • Sanitization: No sanitization or validation mechanisms are mentioned for the document content before LLM processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 23, 2026, 10:55 AM