extract-tikz

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the $ARGUMENTS variable directly in shell commands across multiple steps (e.g., 'ls Slides/$ARGUMENTS*.tex', 'cd Figures/$ARGUMENTS', and './scripts/sync_to_docs.sh $ARGUMENTS'). This allows for arbitrary command execution if the input contains shell metacharacters like semicolons or pipe symbols.
  • [COMMAND_EXECUTION]: The skill demonstrates a dynamic execution pattern by extracting TikZ blocks from source files to create 'extract_tikz.tex' and then immediately executing the 'xelatex' compiler on the generated file.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from local LaTeX files without sanitization.
      • Ingestion points: Slides/$ARGUMENTS*.tex files are read to extract TikZ blocks.
      • Boundary markers: Absent; the content is extracted and written directly to a new file for compilation.
      • Capability inventory: The skill uses the Bash tool to run xelatex, pdf2svg, and local shell scripts, providing a path for exploitation if the ingested content is malicious.
      • Sanitization: None; LaTeX content is copied verbatim into the compilation target.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 06:01 PM