scholar-deep-research

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill locates and executes a local Python script from a related skill to facilitate PDF downloads.
    • Evidence: scripts/_pdf_fetch.py contains logic to find fetch.py within several pre-defined skill directories and plugin caches, executing it via subprocess.run to resolve DOIs.
    • This execution is limited to local files and is intended for cross-skill integration with the author's other tools.
  • [COMMAND_EXECUTION]: The skill uses sub-processes to run PDF extraction and utility scripts.
    • Evidence: scripts/extract_pdf.py, scripts/prefetch_pdfs.py, and scripts/_pdf_fetch.py use subprocess.run for core tasks.
    • Security Risk Mitigation: DOIs and other paper identifiers are validated against strict regular expressions (e.g., DOI_RE in scripts/research_state.py) before being used as command arguments.
  • [EXTERNAL_DOWNLOADS]: The research workflow involves extensive interaction with academic web services.
    • Evidence: Scripts connect to api.openalex.org, export.arxiv.org, api.crossref.org, eutils.ncbi.nlm.nih.gov, dblp.org, api.semanticscholar.org, www.ebi.ac.uk, and exa.ai to retrieve metadata and paper summaries.
    • These domains are well-known academic infrastructure and consistent with the skill's primary research purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external papers.
    • Evidence: scripts/extract_pdf.py ingests full text from potentially malicious PDFs, and scripts/search_exa.py ingests snippets from the open web. This data is then processed by an agent in Phase 3.
    • Ingestion points: scripts/extract_pdf.py (pypdf text extraction), scripts/search_exa.py (web highlights).
    • Capability inventory: subprocess.run (execution), httpx (network access), and state file mutation capabilities exist within the same environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 11, 2026, 08:00 AM