zotero-mcp-code

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM. Categories: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The skill directs the AI to use sys.path.append() to load and execute code from a hardcoded local directory (/Users/niyaro/Documents/Code/zotero-code-execution). This dynamic loading pattern allows for the execution of unverified local code that is not contained within the skill itself.
  • [PROMPT_INJECTION] (LOW): The instructions explicitly direct the AI to bypass standard Model Context Protocol (MCP) tool calls in favor of manual code execution. This encourages the agent to operate outside of established safety boundaries for tool interaction.
  • [PROMPT_INJECTION] (LOW): The skill processes untrusted data from an external source (Zotero library metadata) via code execution, creating a surface for indirect prompt injection. Findings for Category 8: 1. Ingestion point: Zotero search results; 2. Boundary markers: absent; 3. Capability inventory: Python code execution; 4. Sanitization: absent.
  • [CREDENTIALS_UNSAFE] (LOW): The troubleshooting documentation identifies sensitive paths for Zotero credentials and configuration files, such as ~/.config/zotero-mcp/config.json and the ZOTERO_API_KEY environment variable.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:05 PM