The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill includes a shell script scripts/sync_share_repo_jcr.sh that clones an external, unverified GitHub repository (https://github.com/yongqianxiao/share_repo.git) to fetch reference data. This source is not part of the trusted vendors list, presenting a supply chain risk.
[COMMAND_EXECUTION]: The file scripts/sync_share_repo_jcr.sh executes system-level commands, specifically git clone and rsync, to manage local file synchronization from the remote repository.
[CREDENTIALS_UNSAFE]: The skill instructions for the EasyScholar API require sending the secretKey as a query parameter in a GET request (https://www.easyscholar.cc/open/getPublicationRank?secretKey=<EASYSCHOLAR_SECRET_KEY>...). This is an insecure transmission method as credentials can be exposed in server logs, proxy logs, and browser history.
[PROMPT_INJECTION]: The skill processes untrusted data from PubMed (Phase A) and performs analysis in Phase B to generate structured summaries. It lacks explicit boundary markers or sanitization logic to handle potentially malicious instructions embedded in scientific abstracts. Given the agent has the capability to send messages to external communication channels via the message tool, this creates a surface for indirect prompt injection.

wenxian