paper-positioning-planner

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the processing of external user content.
      • Ingestion points: The skill recovers project state by reading user-supplied paper drafts, project ideas, literature maps, and reviewer simulation outcomes as defined in Step 1 of SKILL.md.
      • Boundary markers: There are no explicit instructions or delimiters used to isolate user-supplied content from the agent's core instructions, nor are there warnings to ignore embedded instructions within processed data.
      • Capability inventory: The skill is configured with powerful tools including Bash, Write, Edit, and WebFetch, which could be exploited if malicious instructions are embedded in a paper draft.
      • Sanitization: No evidence of sanitization, escaping, or validation of external research content is present in the instruction set.
  • [COMMAND_EXECUTION]: The skill configuration allows access to the Bash tool. While the provided instructions do not currently utilize any shell commands, the presence of the tool increases the potential impact of a successful prompt injection attack.
  • [EXTERNAL_DOWNLOADS]: The skill instructions in references/audience-venue-fit.md and SKILL.md suggest using WebSearch and WebFetch to verify current venue expectations via OpenReview or conference proceedings. This is a legitimate function for the skill's purpose and targets well-known academic services.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 12:40 PM