research-pipeline

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it fetches and processes content from external research databases (PubMed, bioRxiv, OpenAlex). This data is synthesized and passed through multiple pipeline stages, creating a surface where malicious instructions embedded in external research papers could influence subsequent agent actions.
  • Ingestion points: External literature databases and handoff files between stages.
  • Boundary markers: Employs YAML-based handoff documents and structured context objects to delimit data.
  • Capability inventory: Invokes multiple specialized skills (researcher, synthesizer, fact-checker, etc.) via the Task tool and performs file operations in /tmp/ and the project directory.
  • Sanitization: Implements validation checks for document existence, length, topic alignment, and checksum verification during handoffs.
  • [DATA_EXFILTRATION]: The skill logic includes a step to read a compliance check file located at ~/.claude/skills/archive-workflow/references/archival-compliance-check.md. While the purpose is to ensure output matches project standards, accessing hidden configuration directories within the user's home folder represents a data exposure risk.
  • [COMMAND_EXECUTION]: The skill automates a complex workflow by orchestrating the execution of several other skills (researcher, synthesizer, devils-advocate, fact-checker, editor, git-strategy-advisor) using the Task tool based on the results of previous stages.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 28, 2026, 06:30 AM