The Agent Skills Directory

[SAFE]: The skill manages session cookies for the Scholar Inbox service by storing them in ~/.config/scholar-inbox/session.json. It correctly sets file permissions to read/write for the user only (mode 600), preventing unauthorized access from other users on the system.
[COMMAND_EXECUTION]: The skill uses Python's subprocess module to orchestrate playwright-cli and notebooklm operations. These commands are used to automate browser interactions for login, paper ingestion, and diagnostics. The arguments passed to these commands are internally controlled or cast to safe types.
[PROMPT_INJECTION]: The skill fetches content from the Scholar Inbox REST API, which represents an indirect prompt injection surface. It actively mitigates this risk through a _sanitize_summary function that validates retrieved paper summaries against titles to detect and suppress unrelated or suspect content.
[EXTERNAL_DOWNLOADS]: The skill references external tools including @anthropic-ai/playwright-cli (from a trusted vendor) and notebooklm-py for its enhanced paper-reading mode. These dependencies are clearly communicated to the user in the setup instructions.

scholar-agent