literature-search-openalex

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill implements secure API key management by instructing the user to store credentials in a local .env file. It explicitly prohibits the agent from reading or printing the contents of this file, preventing the leakage of sensitive keys into the conversation context.
  • [COMMAND_EXECUTION]: All operations are performed through a dedicated Python CLI utility. The skill uses uv to manage dependencies and run the script, avoiding arbitrary shell command execution and ensuring a controlled environment.
  • [DATA_EXFILTRATION]: Network activity is restricted to the OpenAlex API (api.openalex.org) and its content servers (content.openalex.org). The PDF download path checks the leading magic bytes of each response so that only files that begin as a PDF are kept; this header check (not a full content validation) reduces the risk of writing arbitrary remote content to disk.
  • [SAFE]: The CLI utility includes logic to truncate large JSON outputs when displayed in a terminal. This prevents the agent's context from being flooded with excessive data, which could otherwise be used as a denial-of-service vector or to hide malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 06:50 PM
Security Audit — agent-trust-hub — literature-search-openalex