literature-review

Fail

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs users to install a third-party CLI tool by downloading a shell script from 'https://parallel.ai/install.sh' and piping it directly into bash. This is a high-risk pattern that allows for arbitrary code execution from a source outside the verified environment.
  • [EXTERNAL_DOWNLOADS]: The skill depends on several external packages and system tools, including 'requests' for Python and system-level installations of 'pandoc' and 'xelatex' via 'brew' or 'apt-get'. These dependencies are required for citation verification and PDF generation but require elevated permissions to install.
  • [COMMAND_EXECUTION]: The 'scripts/generate_pdf.py' and 'scripts/generate_schematic.py' scripts utilize the 'subprocess' module to execute system commands and other Python scripts. While they use list-based arguments, they represent a significant capability tier that could be abused if parameters are manipulated.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection due to its core function of ingesting and processing untrusted data from academic databases.
      ◦ Ingestion points: The skill fetches paper titles, abstracts, and full-text content from sources like PubMed, arXiv, and general web searches, saving them to 'sources/' JSON files.
      ◦ Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat this external content as untrusted data.
      ◦ Capability inventory: The agent has the ability to write files, execute shell commands (via pandoc/xelatex), and send data to the OpenRouter API.
      ◦ Sanitization: The fetched content is interpolated directly into markdown templates and used as prompts for generating scientific schematics without apparent sanitization, which could allow maliciously crafted academic titles to influence the agent's behavior during the synthesis or visualization phases.
Recommendations
  • HIGH: Downloads and executes remote code from: https://parallel.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Jun 14, 2026, 09:23 AM
Security Audit — agent-trust-hub — literature-review