The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute a local Python script (scripts/md_to_pdf.py) for converting Markdown reports into PDF format. It also provides explicit instructions for the installation of system-level Python dependencies (weasyprint and markdown) via pip.
[EXTERNAL_DOWNLOADS]: The skill retrieves academic data from the arXiv API (export.arxiv.org) using curl and utilizes WebSearch and WebFetch tools to gather information from various web sources. These operations are performed to fulfill the research objectives of the skill.
[PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it ingests and processes untrusted data from the open web and external APIs.
Ingestion points: External data enters the agent context through WebSearch, WebFetch, and the arxiv API as defined in the search strategy in SKILL.md.
Boundary markers: The skill does not define specific delimiters or instructions to ignore potential commands embedded within the retrieved external content.
Capability inventory: The skill has access to Bash (for executing the PDF conversion script), Write (for saving files), and network tools (WebSearch, WebFetch).
Sanitization: There is no evidence of sanitization, filtering, or validation of the retrieved content before it is incorporated into the final research report or processed by the model.

hv-analysis