NYC

literature-review

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Command Execution] (LOW): The generate_pdf.py script invokes pandoc and xelatex using subprocess.run. This is the core functionality for converting markdown to PDF. The script uses argument lists to prevent shell injection, but it remains a significant capability that relies on the presence of local system binaries.
  • [Data Exfiltration] (LOW): The verify_citations.py script makes outbound HTTP requests to doi.org and api.crossref.org. These domains are not on the pre-approved whitelist for exfiltration analysis. While the activity is restricted to fetching citation metadata, it establishes a network egress point to non-trusted domains.
  • [Indirect Prompt Injection] (LOW): The skill processes untrusted external data with a significant capability surface.
    1. Ingestion points: verify_citations.py fetches metadata from the CrossRef API; search_databases.py reads JSON search results.
    2. Boundary markers: Absent; metadata is directly interpolated into formatted strings.
    3. Capability inventory: subprocess execution and network access.
    4. Sanitization: Absent; content from external APIs is used without escaping, which could lead to indirect injection or LaTeX-based attacks during PDF generation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:46 PM