Back to skill

Security audit

LaTeX Revision Tracker

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only LaTeX workflow skill with ordinary compile, diff, cleanup, and git examples that match its stated purpose.

Install this as a workflow aid, not as an autonomous editor. Before allowing the agent to run commands, review file edits, git commits/pushes, and cleanup commands, especially on important papers or shared repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The README suggests invoking the skill with broad natural-language phrases like 'Help me integrate this new section into my paper' and 'Set up version control for my thesis.' If the agent uses loose intent matching, these generic phrases can cause the skill to activate unintentionally during ordinary conversation, which may route user content into the skill unexpectedly and increase the chance of prompt-scope confusion or unintended file-handling behavior.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill includes a recursive cleanup command pattern that deletes multiple files without an explicit safety warning, confirmation step, or guidance to verify the target directory first. In a revision workflow, users may run the command from the wrong directory or adapt it unsafely, causing unintended loss of generated artifacts or nearby work products.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.