The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses dynamic context injection (!date +%Y-%m-%d) in SKILL.md to timestamp the current session. This is a benign use of shell execution for metadata purposes.
[DATA_EXPOSURE]: The skill utilizes WebFetch and WebSearch to gather data. Based on the allowed-tools configuration, it has no access to sensitive local files, credentials, or environment secrets. The tool usage is consistent with its stated research purpose.
[INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it ingests untrusted content from the web via WebFetch and WebSearch. However, this is inherent to its primary function as a research tool. The risk is minimized by the lack of high-privilege capabilities (e.g., file writes, remote code execution) and the restriction to read-only tools. Evidence Chain: 1. Ingestion points: WebFetch in workflows/documentation-research.md, WebSearch in workflows/parallel-research.md. 2. Boundary markers: Absent. 3. Capability inventory: Read, Grep, Glob, WebFetch, WebSearch. 4. Sanitization: Absent.

research