The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill processes data from external research papers and search results which could theoretically contain malicious instructions. However, the risk is mitigated by the skill's highly structured workflow, the use of markdown templates for boundary isolation, and the absence of high-risk capabilities like shell execution or network requests for exfiltration.
Ingestion points: Processes external papers and user-provided research briefs to populate source_research.md and close_works.md.
Boundary markers: Uses structured markdown headers and specific templates (e.g., references/close-works-template.md) to delimit content.
Capability inventory: Limited to file system write operations and project organization within a defined workspace root.
Sanitization: Relies on structured data formatting rather than explicit content filtering.
[DATA_EXPOSURE_AND_EXFILTRATION]: The skill reads and writes files within the {workspace-root}/research-framing/ directory. This is consistent with its stated purpose as a project management and research organization tool, and no evidence of exfiltrating this data to external domains was found.

paper-reading-research-framing