ml-paper-writing

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill's primary workflow involves reading and summarizing data from a user's research repository, including README files, experimental logs, and artifacts. This creates a surface for indirect prompt injection (Category 8) where malicious content in those files could attempt to influence the agent's behavior during the drafting process.
    • Ingestion points: Workflow 0 in SKILL.md instructs the agent to explore repositories and read file contents using shell commands like ls, find, and grep.
    • Boundary markers: The skill does not explicitly instruct the agent to use delimiters or to ignore potential instructions embedded in the project files.
    • Capability inventory: The skill has access to shell commands (ls, find, grep, cp), Python script execution (via dependencies), and network access for citation verification.
    • Sanitization: External data is used directly for drafting without a specific sanitization or filtering step described in the instructions.
  • [EXTERNAL_DOWNLOADS]: The skill involves downloading resources from official and well-known academic domains.
    • The Makefile in templates/neurips2025/ includes an upgrade target that uses curl to fetch LaTeX style files from the official NeurIPS domain (media.neurips.cc).
    • The main instructions in SKILL.md recommend installing the Exa MCP tool for academic search from its official domain (mcp.exa.ai).
  • [DATA_EXFILTRATION]: The skill performs network operations to fetch academic metadata, which is standard for its intended purpose.
    • It uses Python libraries and requests to query established academic APIs including doi.org, api.semanticscholar.org, api.crossref.org, and export.arxiv.org. These requests are used to retrieve verified BibTeX entries and paper abstracts.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 28, 2026, 06:07 PM