The Agent Skills Directory

[COMMAND_EXECUTION]: The provided utility script scripts/mcp-call.sh is vulnerable to shell command injection because it interpolates user-controlled variables (TOOL_NAME and ARGS) directly into a bash heredoc without proper quoting or escaping. This allows an attacker or a compromised agent to execute arbitrary local commands by including shell expansion sequences (e.g., backticks or dollar-parenthesis) in the tool arguments.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it retrieves and processes research data from external sources.
Ingestion points: Tools like atypica_study_get_messages, atypica_study_get_report, and atypica_study_get_podcast ingest text content from simulated AI personas and web search results.
Boundary markers: No delimiters or safety instructions are defined in the tool descriptions to separate untrusted research data from the agent's instructions.
Capability inventory: The skill allows API interactions but does not expose dangerous local system tools like file writers or shell executors.
Sanitization: There is no evidence of filtering or escaping for the retrieved external content before it is returned to the agent's context.
[EXTERNAL_DOWNLOADS]: The skill performs network requests to the vendor's API at https://atypica.ai/mcp/study to manage research sessions and retrieve generated artifacts like reports and podcasts.

atypica-research