nsfc-ref-alignment

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE_&_EXFILTRATION]: The skill performs network requests to api.crossref.org and api.openalex.org to verify the authenticity of DOIs. These are established academic services, and the requests are limited to querying metadata based on specific identifiers found in the user's BibTeX files. No sensitive system data or credentials are transmitted.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user data by reading .tex and .bib files. This creates a surface for indirect prompt injection if an attacker embeds malicious instructions in the paper's text or reference fields. However, the risk is mitigated by the skill's structure: it converts content into structured JSON (ai_ref_alignment_input.json) for the host AI to analyze rather than passing raw text blocks, and it adheres to a strict read-only policy for the project's source code.
    • Ingestion points: LaTeX files and BibTeX files are read by latex_scanner.py and bib_utils.py.
    • Boundary markers: The AI is instructed to process the structured JSON output, which provides inherent data separation compared to unstructured text.
    • Capability inventory: The skill can write reports to the project's .nsfc-ref-alignment/ and ./references/ directories, but it is prohibited from modifying .tex, .bib, .cls, or .sty files.
    • Sanitization: The skill strips LaTeX comments and verbatim environments during parsing to reduce noise and potential bypasses.
  • [COMMAND_EXECUTION]: The skill uses a helper script run_ref_alignment.py to perform deterministic analysis. All file operations within this script are scoped to the user-provided project_root, and the script includes logic to ensure referenced files are contained within that root.
  • [REMOTE_CODE_EXECUTION]: The skill imports standard Python libraries such as yaml (using safe_load) and bibtexparser. It does not download or execute external scripts at runtime.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 28, 2026, 01:25 AM