The Agent Skills Directory

Indirect Prompt Injection (LOW): The skill is designed to ingest and analyze external data from URLs or PDF files which may contain adversarial instructions.
Ingestion points: paper-path-or-url argument in SKILL.md used by the Read tool.
Boundary markers: Absent. The skill does not use specific delimiters or instructions to ignore embedded commands within the ingested paper text.
Capability inventory: Read, Write, Bash(date *), Bash(open *).
Sanitization: Absent. Content is processed as-is to extract logical models.
Command Execution (SAFE): The skill utilizes restricted bash commands (date and open). This is a legitimate use case for creating timestamped files and opening the generated report in the user's default viewer.
Data Exposure (SAFE): Data is written to ~/Documents/notes/. No evidence was found of the skill accessing sensitive system files, environment variables, or exfiltrating data to external servers.

xray-paper-skill