lit-search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) because its core function is processing externally sourced scholarly content.
  • Ingestion points: Phase 1 (OpenAlex API responses), Phase 4 (PDF downloads from arbitrary URLs), and Phase 5 (Full-text extraction from PDFs).
  • Boundary markers: Absent. The instructions do not wrap external text in delimiters or provide 'ignore embedded instructions' warnings for the processing agents.
  • Capability inventory: The skill uses requests.get for network access, performs file writes (f.write) to store PDFs and JSON databases, and uses the model to make critical decisions (screening and synthesis).
  • Sanitization: None. Abstract and full-text content are interpolated directly into prompts for annotation and summary.
  • EXTERNAL_DOWNLOADS (HIGH): Phase 4: Full Text Acquisition includes an automated download script that fetches PDFs from untrusted external URLs (oa_url) and writes them to the local disk. This creates a vector for downloading malicious payloads or content designed to trigger vulnerabilities in the PDF extraction library.
  • COMMAND_EXECUTION (MEDIUM): All phases (0-5) contain embedded Python code snippets using the requests, json, and os libraries. While functional, these scripts execute logic that handles unvalidated external data, increasing the risk of exploitation if API responses are manipulated.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 05:59 AM