The Agent Skills Directory

[Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The skill directs users to install an external tool from an untrusted GitHub repository (54yyyu/zotero-mcp) via uv tool install. This source is outside the trusted scope, introducing risk of executing unvetted code during installation and the subsequent zotero-mcp setup phase.
[Indirect Prompt Injection] (MEDIUM): The skill processes untrusted external content (PDF annotations and metadata) retrieved via MCP tools to generate reading notes and field syntheses. Ingestion points: zotero_get_annotations and zotero_get_item_metadata (via Zotero MCP). Boundary markers: Absent; there are no instructions to the agent to treat external content as untrusted or to use delimiters. Capability inventory: The skill performs multiple file-write operations to the local filesystem to create notes and memos. Sanitization: Absent; the skill does not specify any validation or filtering of content extracted from literature.

lit-synthesis