paper-style-toolkit

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute several local Python scripts located in the scripts/ directory, specifically mineru_converter.py, md_postprocessor.py, and style_extractor.py. These scripts are used to perform file system operations such as reading PDFs and writing Markdown files. While these scripts are part of the skill's primary purpose, executing local code always presents a controlled risk.
  • [PROMPT_INJECTION]: The skill architecture presents an indirect prompt injection surface as it processes external research data and PDF content to generate text.
  • Ingestion points: Untrusted data enters the agent context via files in the resource/{paper_topic}/ folder, including research summaries, methods details, and the output of the PDF conversion process (agent_orchestrator.md.j2).
  • Boundary markers: The templates use Markdown headers to separate data, but they lack explicit instructions or delimiters designed to prevent the LLM from following commands embedded within the source materials.
  • Capability inventory: The generated agents have significant capabilities, including the ability to read, write, and edit files, as well as to execute background tasks and subprocesses.
  • Sanitization: No evidence of sanitization or input validation is present for the content extracted from external documents before it is interpolated into the prompts for the writer agents.
  • [EXTERNAL_DOWNLOADS]: The skill documentation and scripts (e.g., mineru_converter.py, verify_templates.py) reference and require the installation of external dependencies such as mineru and jinja2. These are well-known libraries in the data processing and templating ecosystems.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 09:44 PM