The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface. It directs the agent to ingest untrusted data from literature searches and external files to create manuscript outlines and final prose without sufficient sanitization.
Ingestion points: Data retrieved through the research-lookup skill and local project files via the read_file tool as described in the Stage 1 and Stage 2 writing processes.
Boundary markers: The instructions lack delimiters or explicit 'ignore embedded instructions' warnings for the agent when processing external research content, which could allow instructions within those papers to influence the agent.
Capability inventory: The skill utilizes write_file to save manuscripts and executes shell commands via a Python script, providing a path for potential exploits to interact with the environment.
Sanitization: There is no mention of sanitizing or validating the content extracted from research literature before it is processed.
[COMMAND_EXECUTION]: The skill instructions mandate the execution of a shell command (python scripts/generate_schematic.py) to generate scientific figures. This presents a potential command injection vector if the 'diagram description' argument, which is derived from user or research input, is not properly handled by the execution environment or the script itself.

scientific-writing