nsfc-research-foundation-writer

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill includes local Python scripts (run_checks.py, validate_skill.py) for self-validation. These scripts use subprocess.run with list-based arguments (avoiding shell=True) to execute other internal scripts. This is a safe and intended utility for verifying output quality.
  • [EXTERNAL_DOWNLOADS] (SAFE): The skill does not perform any network operations. It intentionally avoids external dependencies, even for YAML parsing, to minimize its attack surface and dependency risk.
  • [DATA_EXFILTRATION] (SAFE): File access is constrained to the user's local project directory. The skill defines strict guardrails in config.yaml to prevent modification of sensitive LaTeX files like main.tex or style files (.cls, .sty).
  • [PROMPT_INJECTION] (SAFE): Instructions in SKILL.md are well-structured and focused on structural integrity and academic accuracy. It includes explicit constraints against fabricating data ('不得捏造') and modifying critical project files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:36 PM