sci-writer

The server enables LaTeX's `\write18` (shell escape) feature during compilation (`pdflatex -shell-escape` in compilation scripts). This means that any content submitted to section/figure/table handlers by an AI agent (or other client) can potentially execute arbitrary shell commands if it contains `\write18{malicious_command}`. While designed for trusted AI agents creating LaTeX content, this is a severe code execution vulnerability if deployed in an untrusted environment or if the AI agent itself is compromised. Pydantic validation for input content ensures type safety but does not filter for potentially malicious LaTeX commands. Direct `eval` calls in shell scripts are used with internally constructed commands, which reduces direct command injection risk through function arguments, but the `\write18` vector remains. The system also pulls external containers and packages, which introduces supply chain risks.