NYC

academic-research-writer

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill possesses a significant attack surface for indirect prompt injection due to its integration with web-based data sources.
      • Ingestion points: The skill uses web_search and web_fetch to retrieve content from external sources like Google Scholar, IEEE Xplore, and other academic databases (Section 3: Source Discovery and Verification).
      • Boundary markers: There are no explicit instructions or delimiters defined to isolate retrieved content from the agent's instruction set, increasing the risk of the agent obeying instructions embedded within processed documents.
      • Capability inventory: The agent can perform network requests (web_search, web_fetch) and create external outputs in the form of .docx and .pdf files. This allows an attacker to potentially influence generated documents or trigger further web actions through malicious content in searched papers.
      • Sanitization: While the skill includes a 'Verification Checklist' for academic credibility (e.g., peer review, author affiliation), it lacks security-focused sanitization to filter out malicious prompt injection payloads from fetched data.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 08:52 AM