research-coordinator

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill coordinates subagents that fetch and process external content from the web and academic databases.
      * Ingestion points: Data enters the system via paper-search browse and paper read.
      * Boundary markers: The instructions lack explicit delimiters or warnings to subagents to ignore embedded instructions within the fetched text.
      * Capability inventory: Subagents are given general-purpose access, including Bash, Read, and Write tools.
      * Sanitization: No sanitization or validation of the external content is performed before passing it to the subagents.
  • Command Execution (SAFE): The skill documentation describes the use of local CLI tools (paper, paper-search) and a standard local installation command (uv pip install -e .). These are used for their intended purpose in a research context, and no malicious command injection or unauthorized execution patterns were observed.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 04:56 AM