The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from numerous external sources without sanitization.\n
Ingestion points: Data enters the agent context via over 100 research tools documented in TOOLS_REFERENCE.md and tool_usage_details.md, including PubMed_search_articles, europe_pmc_search_abstracts, and OpenTargets_get_publications_by_disease_efoId.\n
Boundary markers: The report template in REPORT_TEMPLATE.md and the update logic in RESEARCH_PROTOCOL.md do not utilize delimiters (e.g., XML tags) or specific instructions to the agent to disregard potential commands hidden within retrieved medical abstracts or database entries.\n
Capability inventory: Across its scripts, the skill utilizes file system write capabilities (open(filename, 'w')) and extensive network read operations through provided API tools.\n
Sanitization: The research protocol in RESEARCH_PROTOCOL.md lacks content validation or escaping of retrieved content before it is interpolated into the markdown report.\n- [COMMAND_EXECUTION]: The skill provides functional Python code templates in RESEARCH_PROTOCOL.md for file creation and data updates. It directs the agent in SKILL.md to follow these 'step-by-step code procedures,' which involves generating and executing local scripts to manage the research report workflow.

tooluniverse-disease-research