The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted user-supplied data (LaTeX source files, figures, and metadata) for validation, which constitutes an indirect prompt injection surface.
Ingestion points: The workflow reads various project files including .tex, .bbl, .bst, and figures from a submission directory (SKILL.md, Workflow Step 1).
Boundary markers: The skill does not implement explicit delimiters or instructions for the agent to ignore potential instructions embedded within the user's LaTeX source files.
Capability inventory: The skill performs file reads and writes a local report file; it does not request network access or high-privilege system modifications.
Sanitization: There is no defined process for filtering or escaping the contents of the ingested LaTeX files before processing.
[COMMAND_EXECUTION]: The validation passes suggest the use of command-line tools such as pdffonts to check for embedded fonts in PDF submissions (SKILL.md, Pass 6). This is a standard and expected operation for a technical audit skill.
[SAFE]: The skill uses a local reference file (references/guidelines.md) containing information extracted from arXiv, a well-known service, which is a safe practice.
[SAFE]: No evidence of hardcoded credentials, data exfiltration, or persistence mechanisms was found in the provided files.

arxiv-preflight