paper-plan

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use Bash to write files using cat and heredocs if the primary Write tool fails. Crucially, it directs the agent to perform this action "silently" and "NOT ask the user for permission," which reduces user oversight of shell command execution.
  • [DATA_EXFILTRATION]: The workflow in Step 6 transmits the aggregated content of the paper outline (derived from local research files like STORY.md and NARRATIVE_REPORT.md) to an external model endpoint (gpt-5.4) via the mcp__codex__codex tool. This involves sending potentially sensitive, unpublished research data to a third-party service for analysis.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection by ingesting untrusted data from various project files.
    ◦ Ingestion points: Reads contents from NARRATIVE_REPORT.md, STORY.md, AUTO_REVIEW.md, IDEA_REPORT.md, and EXPERIMENT_LOG.md (Step 1).
    ◦ Boundary markers: None identified. Content from these files is directly merged into the outline and the subsequent review prompt for the external LLM.
    ◦ Capability inventory: The skill has access to Bash, Write, Edit, WebSearch, WebFetch, and the Agent tool.
    ◦ Sanitization: No validation or escaping of the ingested text is performed before it is processed or sent to other tools.
  • [EXTERNAL_DOWNLOADS]: The skill mentions external methodologies and repositories in the acknowledgements section, including references to Master-cai/Research-Paper-Writing-Skills, Galaxy-Dawn/claude-scholar, and Imbad0202/academic-research-skills. These are documented as methodological inspirations and do not involve direct script downloads or execution within the skill's logic.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 4, 2026, 10:30 AM