vibe-research-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Recommends the use of non-official, lab-provided API proxy endpoints (hk.yi-zhan.top and vip.yi-zhan.top) to bypass geographical restrictions. While documented as author-owned resources, routing potentially sensitive research data through third-party proxies increases the risk of data interception or unauthorized exposure.
  • [EXTERNAL_DOWNLOADS]: Encourages the installation of external skills and plugins for agentic tools, specifically ralph-loop, writing-skills, and debugging for Claude Code, from public marketplaces or local sources without providing integrity verification procedures.
  • [PROMPT_INJECTION]: The skill facilitates processing of untrusted external content (research drafts, literature, and code) which serves as a surface for indirect prompt injection.
      1. Ingestion points: User-supplied research text and code modules (e.g., in vibe-writing.md).
      2. Boundary markers: Prompt templates use basic delimiters like angle brackets but lack robust 'ignore embedded instructions' warnings.
      3. Capability inventory: The recommended tools (Claude Code, Cursor, Codex) possess significant system and file access capabilities.
      4. Sanitization: The skill relies on manual user-attested verification ('Integrity Gate') rather than automated sanitization or filtering of processed content.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 12:41 PM