math-modeling

Warn

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes system utilities and compilers through the subprocess module to process documents and manage environment restrictions.
  • Evidence: tools/docx/scripts/office/soffice.py writes a C source file to a temporary directory and compiles it using gcc to create a socket redirection shim.
  • Evidence: tools/xlsx/scripts/recalc.py and tools/docx/scripts/accept_changes.py call the soffice command to interact with Office documents.
  • Evidence: tools/docx/scripts/equations.py calls pandoc and pip for document conversion and dependency management.
  • [REMOTE_CODE_EXECUTION]: The skill performs runtime software installation from external sources.
  • Evidence: tools/docx/scripts/equations.py automatically executes pip install to fetch the latex2mathml package from the internet if it is missing during execution.
  • [EXTERNAL_DOWNLOADS]: The scholarly search functionality communicates with external web services to retrieve academic metadata.
  • Evidence: Outbound network connections are made to api.openalex.org and api.anysearch.com in tools/paper_search/scripts/openalex_scholar.py and tools/paper_search/scripts/anysearch_academic.py.
  • [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection due to its automated processing of external file content.
  • Ingestion points: Data is parsed from user-provided PDF documents and Excel spreadsheets in tools/pdf/scripts/extract_form_structure.py and tools/xlsx/scripts/recalc.py.
  • Capability inventory: The skill can execute shell commands and modify the local file system using data derived from these untrusted sources.
  • Sanitization: Although the skill includes an instructional 'Model Contract' framework to guide agent reasoning, it lacks programmatic sanitization or sandboxing of the raw data extracted from external documents.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 08:53 AM
Security Audit — agent-trust-hub — math-modeling