The Agent Skills Directory

[DYNAMIC_EXECUTION]: The skill executes a bundled Python script (scan_reference_library.py) using the Bash tool to calculate file hashes and generate metadata indexes. This runtime execution is restricted to the local environment and the skill's own code.
[DATA_EXPOSURE_AND_EXFILTRATION]: The skill handles local file metadata and incorporates a 'Reference Library Policy' that warns against exposing private content. No evidence of unauthorized file access or network exfiltration was found.
[INDIRECT_PROMPT_INJECTION]: The skill has a metadata ingestion surface via PDF filenames. Ingestion points: Filenames are read from the filesystem in scripts/scan_reference_library.py. Boundary markers: Output is constrained to Markdown tables. Capability inventory: The script performs file I/O and directory creation; the agent has Bash and Write tools. Sanitization: The slugify function in the scanning script sanitizes filenames into alphanumeric slugs, effectively preventing filename-based injection.

reference-library-manager