semanticscholar-skill

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow requires the agent to generate a Python script (typically saved to /tmp/s2_search.py) and execute it via the shell. This pattern is used to handle complex API logic, pagination, and rate limiting through the provided helper module.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted metadata (paper titles, abstracts, and TLDRs) from the Semantic Scholar API.
      • Ingestion points: External data is fetched via the requests library in the s2.py helper module.
      • Boundary markers: The current implementation lacks explicit delimiters or isolation markers to separate retrieved API data from the agent's instructions.
      • Capability inventory: The skill allows the agent to execute generated scripts and write data to the local filesystem (e.g., via export_markdown and export_json).
      • Sanitization: No sanitization or escaping of external content is performed before the data is formatted and presented to the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 10, 2026, 07:04 AM