reaction-data-extraction

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The main script scripts/reaction_data_extraction.py invokes the mineru command-line tool via subprocess.run. The command is constructed using a list of arguments, which is a safe practice that mitigates shell injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill requires several standard Python libraries for PDF parsing and chemistry informatics, such as mineru, PyMuPDF, and rdkit, as listed in requirements.txt. These are legitimate dependencies for the skill's technical domain.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface by processing untrusted PDF documents. Evidence:
      1. Ingestion points: PDF files processed via mineru in scripts/reaction_data_extraction.py.
      2. Boundary markers: Absent in the extracted Markdown text.
      3. Capability inventory: Subprocess execution and file system write access.
      4. Sanitization: No content validation or filtering is applied to the extracted Markdown data before it is handled by the agent.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Mar 30, 2026, 12:51 AM