math-modeling
Warn
Audited by Gen Agent Trust Hub on Jun 30, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes system utilities and compilers through the
subprocessmodule to process documents and manage environment restrictions. - Evidence:
tools/docx/scripts/office/soffice.pywrites a C source file to a temporary directory and compiles it usinggccto create a socket redirection shim. - Evidence:
tools/xlsx/scripts/recalc.pyandtools/docx/scripts/accept_changes.pycall thesofficecommand to interact with Office documents. - Evidence:
tools/docx/scripts/equations.pycallspandocandpipfor document conversion and dependency management. - [REMOTE_CODE_EXECUTION]: The skill performs runtime software installation from external sources.
- Evidence:
tools/docx/scripts/equations.pyautomatically executespip installto fetch thelatex2mathmlpackage from the internet if it is missing during execution. - [EXTERNAL_DOWNLOADS]: The scholarly search functionality communicates with external web services to retrieve academic metadata.
- Evidence: Outbound network connections are made to
api.openalex.organdapi.anysearch.comintools/paper_search/scripts/openalex_scholar.pyandtools/paper_search/scripts/anysearch_academic.py. - [PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect prompt injection due to its automated processing of external file content.
- Ingestion points: Data is parsed from user-provided PDF documents and Excel spreadsheets in
tools/pdf/scripts/extract_form_structure.pyandtools/xlsx/scripts/recalc.py. - Capability inventory: The skill can execute shell commands and modify the local file system using data derived from these untrusted sources.
- Sanitization: Although the skill includes an instructional 'Model Contract' framework to guide agent reasoning, it lacks programmatic sanitization or sandboxing of the raw data extracted from external documents.
Audit Metadata