Skills
skills/wanshuiyin/auto-claude-code-research-in-sleep/paper-poster-html/Gen Agent Trust Hub

paper-poster-html

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the tex-svg.js library from the jsDelivr CDN to enable MathJax formula rendering. It also executes playwright install chromium to fetch the headless browser necessary for PDF generation and layout measurement.
  • [COMMAND_EXECUTION]: The core orchestrator scripts/run_gates.py uses subprocess.run to execute internal validation scripts (style_check.py, asset_check.py, etc.). Additionally, scripts/_posterly/verify_final.py uses subprocess.check_output to call the pdfinfo system utility for PDF metadata verification. All commands are restricted to the skill's own internal logic and standard document utilities.
  • [PROMPT_INJECTION]: The skill processes untrusted input in the form of academic papers (PDF/TeX) and venue instruction pages (via WebFetch). This constitutes an indirect prompt injection surface; however, the skill uses an ascii_safe utility to sanitize data used in logging and provides a deterministic audit mechanism (CLAIM_EVIDENCE.md), which aligns with safe document-processing practices.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 09:07 AM
Security Audit — agent-trust-hub — paper-poster-html