The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted external data from BibTeX files and Obsidian literature notes to generate cross-cutting concept summaries. This creates a surface for indirect prompt injection if an attacker-controlled reference file contains malicious instructions designed to influence the agent's behavior during Phase 4 (Concept Extraction).
Ingestion points: Processes .bib files in Phase 1 and reads existing Obsidian notes from 02 연구/문헌/*.md in Phase 4.
Boundary markers: No explicit delimiters or instructions are used to separate untrusted bibliographic content from the agent's internal logic.
Capability inventory: The skill possesses the ability to execute shell commands (Bash), write to the local file system (Write/Edit), and interact with the Zotero library via MCP.
Sanitization: Input is parsed using regex for specific fields, but the textual content of titles and abstracts is processed directly without sanitization for instruction markers.
[EXTERNAL_DOWNLOADS]: The skill fetches bibliographic metadata from the official NCBI E-utils API (eutils.ncbi.nlm.nih.gov). This is a well-known, authoritative government service for scientific research data and is considered a safe source.
[COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform file system checks (stat, ls, grep) and network queries via curl. In Phase 2.5, it uses a Python one-liner to verify profile configurations. These commands are narrowly scoped to verifying the state of the Zotero/Obsidian environment and are not used for arbitrary execution.
[REMOTE_CODE_EXECUTION]: The inclusion of a regression test (tests/test_poll_logic.sh) demonstrates the generation and execution of a local shell script. This script is used for verifying file modification timestamps and is categorized as low-risk script generation from a static template.

lit-sync