paper-cli

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for storing provider API keys (e.g., OpenAI) in local configuration files located in ~/.paper-manager/ or ./.paper-manager/ using the paper config set command. While the text uses a placeholder ('sk-...'), the tool's primary function involves managing these sensitive credentials in plain text or standard configuration formats.
  • [EXTERNAL_DOWNLOADS]: The documentation recommends the installation of the paper-manager package from the NPM registry using npm install -g paper-manager. This is a vendor-owned resource associated with the skill author.
  • [COMMAND_EXECUTION]: The skill relies on the execution of the paper CLI tool to perform various file system operations, including creating data directories, reading/writing academic papers (PDF, TXT, MD), and managing SQLite databases.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its document processing capabilities.
      • Ingestion points: Untrusted content is ingested from external files such as PDFs, TXT, MD, and TEX files via the paper lit add command.
      • Boundary markers: The skill does not define specific boundary markers or instructions for the agent to ignore instructions embedded within the processed literature.
      • Capability inventory: The agent can retrieve and display paper content (lit show), perform semantic searches (kb query), and modify tool configurations (config set).
      • Sanitization: There is no mention of sanitization, filtering, or escaping of the extracted text content before it is processed by the underlying language model.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 08:36 PM