paper-glance
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, PROMPT_INJECTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: The skill ingests untrusted content from user-provided PDF files, which are parsed and stored in the PAPER_CORE object as defined in SKILL.md and shared/paper_core.md.
  - Boundary markers: The prompt templates in the modules/ directory do not use explicit delimiters or instructions to ignore potential commands embedded within the paper's text.
  - Capability inventory: The agent has access to the view tool for reading local files and the edge-tts MCP tool for generating audio and performing network operations.
  - Sanitization: There is no evidence of sanitization, filtering, or escaping of the extracted text before it is interpolated into subsequent prompts for analysis, review, or podcast generation.
- [REMOTE_CODE_EXECUTION]: The documentation in README.md and modules/05_podcast.md provides a command to download and execute a shell script from a remote source.
  - Evidence: `curl -LsSf https://astral.sh/uv/install.sh | sh`
  - Context: This command installs the uv tool from astral.sh, which is a well-known and trusted service for Python package management.
- [EXTERNAL_DOWNLOADS]: The skill recommends the installation of an external MCP server from the author's own GitHub repository.
  - Evidence: https://github.com/CatVinci-Studio/better-tts-mcp
  - Context: This is a vendor-owned resource provided by CatVinci-Studio to enable Text-to-Speech functionality.