bib-search-citation

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The Python script tests/test_bib_search.py utilizes subprocess.run to execute the search and preview scripts during the testing phase. This usage is confined to the development/testing environment and is considered benign.
  • [REMOTE_CODE_EXECUTION]: A dynamic import using importlib.import_module was detected in tests/test_bib_search.py. This is used to programmatically load the preview_bib_search module for unit testing purposes and does not pose a runtime risk to the agent.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes external, potentially untrusted .bib files and presents their content (such as abstracts and annotations) to the agent.
    • Ingestion points: Data enters the system through .bib files read by scripts/search_bib.py.
    • Boundary markers: The script does not wrap extracted text in explicit markers to distinguish it from instructions, though the preview_bib_search.py script provides a structured human-readable summary.
    • Capability inventory: The agent is configured with Bash and Read tool access.
    • Sanitization: scripts/search_bib.py performs basic normalization of LaTeX characters and whitespace, but does not implement specific filtering for malicious natural language instructions within the bibliographic fields.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 02:06 PM