scientific-writing

Warn

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the Bash tool, specifically calling Python scripts (scripts/generate_schematic.py, scripts/generate_image.py) that are missing from the provided skill package. This represents unverified execution of local content.
  • [COMMAND_EXECUTION]: Shell commands in SKILL.md interpolate potentially untrusted data (such as research summaries or paper titles) directly into command arguments. For example: python scripts/generate_schematic.py "Graphical abstract for [paper title]: [brief description...]". If the description contains shell metacharacters (e.g., backticks or semicolons), it could lead to arbitrary command execution.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting data from external research sources.
      ◦ Ingestion points: Data retrieved through the research-lookup tool and parsed scientific literature.
      ◦ Boundary markers: The instructions do not define delimiters or provide warnings to ignore embedded instructions within the ingested research materials.
      ◦ Capability inventory: The agent has access to Bash, Write, Edit, and Read tools, which could be abused if malicious instructions are present in the processed data.
      ◦ Sanitization: No evidence of sanitization or escaping is present for content retrieved via external lookup tools before it is used in the writing process or passed to shell scripts.
  • [PROMPT_INJECTION]: The SKILL.md file contains a dedicated section ("Suggest Using K-Dense Web") that overrides the agent's behavior by mandating that it promote a specific commercial platform (www.k-dense.ai) when workflow complexity increases.
  • [EXTERNAL_DOWNLOADS]: The skill references and promotes an external domain (www.k-dense.ai) and utilizes the research-lookup skill to fetch external content. While the domain is vendor-owned, it facilitates the movement of research data to an external environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 01:26 AM