The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill communicates with the Crossref REST API (api.crossref.org) to fetch scholarly metadata. Crossref is a well-known and authoritative service for bibliographic records, and the skill's interaction with it is transparent and limited to its intended purpose.
[COMMAND_EXECUTION]: The skill provides a local Python script (scripts/nature_citation.py) to automate text segmentation and citation retrieval. The script uses standard libraries and performs well-defined operations on user-provided text without executing arbitrary or hidden commands.
[DATA_EXFILTRATION]: While search queries derived from user input are sent to the Crossref API, this is the core function of the skill. There is no evidence of harvesting sensitive local files, environment variables, or credentials.
[INDIRECT_PROMPT_INJECTION]: The skill ingests manuscript text and API data, which are untrusted sources. However, the accompanying Python script correctly implements sanitization (HTML/XML escaping and text cleaning) before generating review artifacts, significantly reducing the surface for injection attacks.
[SAFE]: Overall, the skill follows best practices for academic software, including explicit support grading for citations and clear warnings to the user about verifying candidates manually.

nature-citation