The Agent Skills Directory

[PROMPT_INJECTION]: The skill includes explicit instructions for the agent to bypass environmental security controls by redefining the navigator.webdriver property and provides a method for autonomously identifying and clicking Cloudflare Turnstile captcha elements.\n- [CREDENTIALS_UNSAFE]: The skill logic extracts security tokens and utilizes browser session cookies to maintain authentication while performing data exports and downloading PDF files from the ScienceDirect domain.\n- [COMMAND_EXECUTION]: Local Python scripts are executed via subprocess calls using arguments derived from article metadata and extracted security tokens to facilitate communication with the Zotero desktop application.\n- [EXTERNAL_DOWNLOADS]: The skill performs network requests to communicate with the Zotero Connector API at localhost:23119 and retrieves PDF documents from ScienceDirect servers.\n- [PROMPT_INJECTION]: The skill processes untrusted metadata from search results, creating an indirect prompt injection surface. Ingestion points: Article titles, abstracts, and identifiers extracted from the ScienceDirect DOM via JavaScript. Boundary markers: None. Capability inventory: Execution of local Python scripts and outbound network access. Sanitization: No sanitization or validation is applied to the extracted metadata before it is processed or passed to external scripts.

sd-export