deep-research

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The orchestration engine in scripts/research_engine.py uses subprocess.run to execute internal validation and citation-checking scripts. Commands are passed as argument lists rather than shell strings, so no shell parses them and shell metacharacters in arguments are inert; directory names derived from user input go through a slugification function before being used as paths, which removes path-separator and traversal characters. An argument list alone does not stop a value beginning with '-' from being read as an option by the called script, so the slugifier's normalization is part of the control, not an extra.
  • [EXTERNAL_DOWNLOADS]: The skill's documentation links to its official GitHub repository and to a Homebrew tap for installing search-cli, an optional search-aggregation tool that backs the skill's extended search features. Both are vendor-provided sources, and search-cli is an optional external dependency that the user installs separately.
  • [DATA_EXFILTRATION]: scripts/verify_citations.py issues HEAD and GET requests to external URLs (doi.org resolvers and the links listed in a bibliography) to confirm that each source resolves and to read its metadata. This outbound traffic is a documented, functional requirement of the citation-verification feature rather than covert data transfer.
  • [PROMPT_INJECTION]: Because the skill ingests and synthesizes third-party web content, it is inherently exposed to indirect prompt injection: a retrieved page can carry text crafted to steer the model. The skill reduces, but cannot eliminate, that risk by carrying retrieved material in structured JSON artifacts and passing it through multi-stage validation gates, so evidence is handled as data kept apart from the orchestration logic.
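As an added illustration of the pattern the COMMAND_EXECUTION finding describes (argument-list invocation plus slugified directory names), the following is constructed example code, not code from the deep-research skill or its scripts/research_engine.py. The function names, the `--` option terminator, and the throwaway validator script that echoes its argv are assumptions made for the demo. It also shows the case an argument list alone does not cover: a name that starts with `-`, which the child would parse as an option unless the slugifier strips it.

```python
from __future__ import annotations

import json
import re
import subprocess
import sys
import tempfile
from pathlib import Path

# Constructed example (not the skill's code): slugify an untrusted topic name
# and invoke a validator via subprocess.run(list) so no shell ever parses it.

_NON_SLUG = re.compile(r"[^a-z0-9]+")


def slugify(name: str, max_len: int = 64) -> str:
    """Reduce an untrusted name to [a-z0-9-] with no leading or trailing '-'.

    Removing a leading '-' matters even with an argument list: the child would
    otherwise parse a value such as '--output=/etc/x' as an option. Dropping
    '/' and '.' removes every path-traversal component.
    """
    slug = _NON_SLUG.sub("-", name.lower()).strip("-")
    if not slug:
        raise ValueError("name contains no usable characters")
    return slug[:max_len].rstrip("-")


def research_dir(base: Path, topic: str) -> Path:
    """Return base/<slug>, checking that the resolved path stays under base."""
    base = base.resolve()
    target = (base / slugify(topic)).resolve()
    if base not in target.parents:  # defence in depth; slugify already forbids '/'
        raise ValueError(f"{target} escapes {base}")
    return target


def unsafe_command(script: Path, topic: str) -> str:
    """Anti-pattern, shown for contrast only: a shell string built by interpolation.

    Handing this to subprocess.run(..., shell=True) lets a topic such as
    '$(id); rm -rf ~' be executed by /bin/sh. It is never executed here.
    """
    return f"python {script} runs/{topic}"


def validation_command(script: Path, out_dir: Path) -> list[str]:
    """Argument list for subprocess.run: each element reaches the child as one
    literal argv entry; '--' ends option parsing (assumed convention)."""
    return [sys.executable, str(script), "--", str(out_dir)]


def run_validation(script: Path, out_dir: Path) -> subprocess.CompletedProcess:
    # No shell=True and no string joining: metacharacters in out_dir are inert.
    return subprocess.run(
        validation_command(script, out_dir),
        capture_output=True, text=True, check=False, timeout=60,
    )


def demo(root: Path | None = None) -> dict:
    """Run a throwaway validator on a hostile topic and report what it received."""
    root = root or Path(tempfile.mkdtemp(prefix="research-demo-"))
    script = root / "validate.py"
    # Constructed stand-in for an internal validation script: echoes argv as JSON.
    script.write_text("import json, sys\nprint(json.dumps(sys.argv[1:]))\n")
    hostile_topic = "$(id); rm -rf / ../.."
    out_dir = research_dir(root / "runs", hostile_topic)
    proc = run_validation(script, out_dir)
    return {
        "returncode": proc.returncode,
        "child_argv": json.loads(proc.stdout),   # the literal, single argument
        "out_dir": str(out_dir),                 # ends in .../runs/id-rm-rf
        "unsafe_shell_string": unsafe_command(script, hostile_topic),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The child sees exactly two argv entries, `--` and the slugified directory, regardless of what the topic string contained; the same input interpolated into `unsafe_command` would have been a command substitution plus an `rm` for a shell.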
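As an added example for the DATA_EXFILTRATION finding, the following constructed code (not the skill's scripts/verify_citations.py) shows the kind of availability check that sends a HEAD request and falls back to GET when a host refuses HEAD. The names, the scheme allowlist, the set of statuses that trigger the GET retry, the fake transport, and the URLs and responses in DEMO_TABLE are all assumptions made so the example runs offline; 10.1000/182 is used only as sample input, not as a verified citation.

```python
from __future__ import annotations

import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable
from urllib.parse import urlparse

# Constructed example (not the skill's verify_citations.py): confirm that a cited
# URL resolves, using HEAD first and GET only when the host rejects HEAD.

ALLOWED_SCHEMES = {"http", "https"}          # never fetch file:, ftp:, etc.
RETRY_WITH_GET = {403, 405, 501}             # typical replies to an unsupported HEAD
USER_AGENT = "citation-check/0.1 (example)"  # assumed identifier

# transport signature: (url, method, timeout) -> (status, final_url, headers)
Fetch = Callable[[str, str, float], tuple[int, str, dict[str, str]]]


@dataclass
class CheckResult:
    url: str
    ok: bool
    status: int | None = None
    method: str | None = None
    final_url: str | None = None
    content_type: str | None = None
    error: str | None = None


def urllib_fetch(url: str, method: str, timeout: float) -> tuple[int, str, dict[str, str]]:
    """Real transport: urllib follows redirects (e.g. doi.org -> publisher)."""
    req = urllib.request.Request(url, method=method, headers={"User-Agent": USER_AGENT})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.geturl(), dict(resp.getheaders())
    except urllib.error.HTTPError as exc:  # 4xx/5xx still carry a status code
        return exc.code, url, dict(exc.headers.items()) if exc.headers else {}


def check_citation(url: str, fetch: Fetch = urllib_fetch, timeout: float = 10.0) -> CheckResult:
    scheme = urlparse(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return CheckResult(url, False, error=f"scheme {scheme!r} not allowed")
    try:
        method = "HEAD"
        status, final_url, headers = fetch(url, method, timeout)
        if status in RETRY_WITH_GET:
            method = "GET"
            status, final_url, headers = fetch(url, method, timeout)
    except Exception as exc:  # DNS failure, timeout, TLS error, ...
        return CheckResult(url, False, error=f"{type(exc).__name__}: {exc}")
    lowered = {k.lower(): v for k, v in headers.items()}
    return CheckResult(url, 200 <= status < 300, status, method, final_url,
                       lowered.get("content-type"))


def check_bibliography(urls: list[str], fetch: Fetch = urllib_fetch) -> dict[str, list[str]]:
    """Partition a bibliography into resolvable and unresolvable URLs."""
    out: dict[str, list[str]] = {"ok": [], "broken": []}
    for u in urls:
        out["ok" if check_citation(u, fetch).ok else "broken"].append(u)
    return out


def make_fake_fetch(table: dict[tuple[str, str], tuple[int, str, dict[str, str]]]) -> Fetch:
    """Offline transport keyed on (url, method); unknown routes fail like the network would."""
    def fetch(url: str, method: str, timeout: float) -> tuple[int, str, dict[str, str]]:
        if (url, method) not in table:
            raise ConnectionError(f"no route for {method} {url}")
        return table[(url, method)]
    return fetch


# Constructed responses for the demo only.
DEMO_TABLE = {
    ("https://doi.org/10.1000/182", "HEAD"): (200, "https://example.org/article/182", {"Content-Type": "text/html"}),
    ("https://example.org/nohead", "HEAD"): (405, "https://example.org/nohead", {"Allow": "GET"}),
    ("https://example.org/nohead", "GET"): (200, "https://example.org/nohead", {"Content-Type": "application/pdf"}),
    ("https://example.org/gone", "HEAD"): (404, "https://example.org/gone", {}),
}


if __name__ == "__main__":
    for u in [k[0] for k in DEMO_TABLE] + ["file:///etc/passwd"]:
        print(check_citation(u, fetch=make_fake_fetch(DEMO_TABLE)))
```

Passing `urllib_fetch` (the default) makes the same functions do live checks; the only data that leaves the host in that case is the request for the cited URL itself, which is what the audit describes as the feature's expected network activity.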
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 01:50 PM