nsfc-reviewers
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes multiple local Python utility scripts (e.g., list_proposal_files.py, build_parallel_vibe_plan.py, finalize_output.py, cleanup_intermediate.py) using python3 to manage the review workflow and file system.
- [PROMPT_INJECTION]: An indirect prompt injection surface is present because the skill ingests content from user-provided LaTeX files (.tex) and interpolates summaries into a master prompt used for subsequent 'expert' LLM calls. The skill uses Markdown structural delimiters but lacks explicit sanitization of the injected text content.
- [SAFE]: The included Python scripts implement path-traversal protection using a _within validation check that resolves paths and verifies the target is a child of the intended review directory before performing move or delete operations.
- [EXTERNAL_DOWNLOADS]: The skill defines a dependency on an external skill named parallel-vibe and attempts to locate its execution script in standard local paths (e.g., ~/.claude/skills/).
Audit Metadata