literature-review-sprint

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to fetch and process external data from academic sources.
  • Ingestion points: The agent uses WebFetch and WebSearch to retrieve paper content, reviews, and metadata from external academic sites (Step 3 in SKILL.md).
  • Boundary markers: There are no explicit instructions in the skill to treat fetched paper content as untrusted or to wrap it in delimiters to prevent the agent from obeying instructions embedded within the papers.
  • Capability inventory: The skill is granted Bash, Write, and Edit tools, allowing it to modify the local file system and execute shell commands based on its analysis (Step 8 in SKILL.md).
  • Sanitization: The instructions do not specify any sanitization or validation of the fetched content before it influences the agent's decision-making process.
  • [COMMAND_EXECUTION]: While the Bash tool is enabled, the instructions focus on standard file management and documentation tasks. There is no evidence of the skill attempting to execute arbitrary or dangerous commands beyond the intended scope of research project management.
  • [EXTERNAL_DOWNLOADS]: The skill references well-known and trusted academic services such as arXiv, OpenReview, DBLP, and Semantic Scholar for fetching research materials. These are legitimate sources for the skill's stated purpose.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 5, 2026, 12:40 PM