citation-management
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/generate_schematic.py uses subprocess.run to execute an internal helper script (generate_schematic_ai.py). This is a standard architectural pattern for modularizing the skill's logic.
- [EXTERNAL_DOWNLOADS]: The skill interacts with well-known academic and technology services to fetch metadata and generate content. This includes CrossRef (api.crossref.org), NCBI PubMed (eutils.ncbi.nlm.nih.gov), arXiv (export.arxiv.org), and OpenRouter (openrouter.ai) for diagram generation. These network operations are strictly aligned with the stated purpose of citation management and scientific writing.
- [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection because it ingests untrusted data from external academic APIs (titles, abstracts) and interpolates them into internal workflows.
  - Ingestion points: External metadata is fetched in scripts/search_google_scholar.py, scripts/search_pubmed.py, and scripts/extract_metadata.py.
  - Boundary markers: The skill does not use explicit XML or markdown boundary markers to isolate external metadata from system instructions during processing.
  - Capability inventory: The skill has access to the Bash tool and file system modification (Write/Edit).
  - Sanitization: While it implements BibTeX-specific title protection (braces) in extract_metadata.py, it lacks specific sanitization to prevent potential LLM instructions embedded in academic metadata from influencing the agent's behavior. However, this is a standard risk factor for research-oriented agents and is not indicative of malicious intent.
Audit Metadata