arxiv-doc-builder

Fail

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: A significant command injection vulnerability was identified in arxiv_doc_builder/fetch_paper.py. The skill processes an arxiv_id from the user and uses it to construct file paths. One such path is interpolated into a shell command string (f'gunzip -c "{path}" | file --brief -') that is executed via subprocess.run with shell=True. Although the script attempts to normalize the ID by replacing forward slashes, it does not sanitize other shell-sensitive characters like double quotes or semicolons, allowing an attacker to break out of the command context and execute arbitrary code.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to download research materials from arxiv.org and its associated API. It uses curl to fetch LaTeX source archives and PDF files. These network operations are legitimate for the skill's purpose and target well-known, trusted academic infrastructure.
  • [COMMAND_EXECUTION]: The normalization logic in safe_arxiv_id is insufficient to prevent directory traversal. By providing an ID containing .. sequences, an attacker could potentially influence where files are created on the filesystem, as the resulting paths are used in mkdir and curl -o operations.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 5, 2026, 04:23 PM