The Agent Skills Directory

Prompt Injection (HIGH): The skill is highly susceptible to Indirect Prompt Injection as it ingests untrusted data from the arXiv API. Ingestion points: Data enters the agent's context through the output of the arxiv_search.py script which queries external servers. Boundary markers: No boundary markers or 'ignore' instructions are used to delimit external content; papers are simply separated by whitespace. Capability inventory: The agent has full shell execution capabilities, as demonstrated by the instructions to run Python scripts and use pip. Sanitization: There is no evidence of sanitization or filtering of the fetched summaries, allowing embedded instructions to potentially reach the LLM.
External Downloads (MEDIUM): The skill documentation directs the user/agent to install the arxiv package via pip. There is no version pinning or hash verification, leaving the system vulnerable to dependency confusion or supply chain attacks.
No Code (INFO): The core logic file arxiv_search.py is referenced throughout the documentation but is not included in the provided file list, preventing a thorough audit of the actual Python code.

arxiv-search