arxiv-reader
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill utilizes environment variables for managing the LLM_API_KEY, which is a secure and standard practice for handling sensitive credentials in local environments.
- [SAFE]: External data fetching is restricted to the official ArXiv API and RSS feeds, which are well-known and trusted academic resources. These operations are performed using standard libraries with no signs of malicious routing or exfiltration.
- [PROMPT_INJECTION]: The skill processes untrusted external content by reading and summarizing ArXiv papers. This creates a surface for indirect prompt injection; however, the agent's logic does not include any exploitable capabilities, such as tool-calling, file-system writing, or additional network requests based on the paper's content, which mitigates the risk.
Audit Metadata