paperless-search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies] (HIGH): The installation instructions in README.md (npx skills add nicolaischmid/agent-skills/...) point to an untrusted GitHub repository. This introduces a risk of Remote Code Execution (RCE) as code from an unverified source is downloaded and executed.
  • [Credentials Unsafe] (HIGH): The skill documentation in SKILL.md requires storing a Paperless-ngx API token in plaintext at ~/.config/paperless-search/config.json. The skill's operational examples read this token using jq, exposing it to any agent or process with local file system access.
  • [Indirect Prompt Injection] (HIGH): The skill is designed to fetch full document content via the Paperless API (/api/documents/{id}/ endpoint returning .content). This content is untrusted and generated from OCR of physical or digital documents. A malicious document could contain hidden instructions that influence the agent's behavior.
      • Ingestion points: API responses from the Paperless-ngx instance, specifically the .content field.
      • Boundary markers: Absent. The documentation does not suggest using delimiters or system-level warnings to distinguish document content from agent instructions.
      • Capability inventory: The skill utilizes curl and jq for command execution, providing a surface for side effects if an injection is successful.
      • Sanitization: Absent. No filtering or sanitization of the OCR'd text is performed before it is processed by the agent.
  • [Command Execution] (LOW): The skill relies on system-level execution of curl and jq. These tools are standard, but they are used to process data from the external API, which could be exploited if combined with shell injection. The current examples use variables reasonably safely.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:53 AM