research-paper
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE (findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands defined in local 'mode' files during the validation and post-creation phases.
  - Evidence: SKILL.md Step 11 instructs the agent to run validation commands such as 'npx tsc', and Step 12 requires the execution of arbitrary 'Post-Creation' tasks defined in markdown configuration files.
- [REMOTE_CODE_EXECUTION]: The skill generates and writes executable source code (e.g., React, Next.js, Vue) to the local filesystem based on untrusted data gathered from external web searches.
  - Evidence: Step 8 in SKILL.md describes the process of writing framework-specific pages after performing web research in Step 4, creating a path where external data influences local code generation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its workflow of ingesting external data and using it to drive complex capabilities.
  - Ingestion points: The skill uses 'WebSearch' in Step 4 to gather data from the public internet.
  - Boundary markers: Absent; there are no explicit instructions to the agent to ignore or sanitize instructions that might be embedded in the retrieved web content.
  - Capability inventory: The agent has the ability to write files (Step 8) and execute shell commands via subprocess calls (Steps 11 and 12).
  - Sanitization: Absent; the skill maps external findings directly to the paper structure and companion outputs without a defined sanitization or escaping layer.