literature-review

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE (findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted content from academic papers (summaries and full texts) and uses this content to drive its internal dialogue and search query generation without robust sanitization. Mandatory evidence chain: 1. Ingestion points: references/review-workflow.md (SUMMARY and FULL_TEXT commands); 2. Boundary markers: absent in prompt templates; 3. Capability inventory: multi-turn dialogue generation and execution of search scripts; 4. Sanitization: no explicit filtering of external paper content. (Evidence: references/review-workflow.md, references/dialogue-prompts.md)
  • [EXTERNAL_DOWNLOADS] (LOW): The skill performs network operations to non-whitelisted academic APIs (arXiv, Semantic Scholar, OpenAlex) to retrieve research data. (Evidence: SKILL.md)
  • [COMMAND_EXECUTION] (LOW): The skill executes local Python scripts via the shell, using search queries that may be influenced by external, untrusted paper content, presenting a potential (though limited) command injection surface. (Evidence: SKILL.md)
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 22, 2026, 05:01 AM