The Agent Skills Directory

[COMMAND_EXECUTION]: The script generates suggested follow-up commands for batch failures. It uses shlex.quote to sanitize all user-controlled variables (DOIs and output paths), preventing command injection vulnerabilities.
[DATA_EXFILTRATION]: The skill performs outbound network requests to academic APIs and PDF repositories. It includes a robust SSRF (Server-Side Request Forgery) protection layer that validates URLs against private IP ranges, loopback addresses, non-standard ports, and cloud metadata endpoints.
[EXTERNAL_DOWNLOADS]: The skill downloads content from external academic sources and mirrors. It enforces safety by validating the %PDF magic bytes of the response and strictly capping file sizes at 50MB to prevent resource exhaustion attacks.
[PROMPT_INJECTION]: The skill instructions are focused on functional usage and do not contain patterns attempting to bypass agent safety filters or override system instructions.

paper-fetch