literature-review

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill follows academic best practices for literature reviews and uses well-known, reputable scientific APIs (CrossRef, PubMed, bioRxiv) for data retrieval.
  • [COMMAND_EXECUTION]: The script scripts/generate_pdf.py uses subprocess.run to invoke the pandoc utility for converting Markdown to PDF. The implementation uses list-based arguments rather than shell strings, which effectively mitigates the risk of command injection from malicious filenames.
  • [EXTERNAL_DOWNLOADS]: The scripts/verify_citations.py script communicates with doi.org and api.crossref.org to retrieve publication metadata. These are authoritative, well-known services in the research community. No unauthorized or suspicious remote code downloads were found.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external data (paper titles, abstracts, and metadata). While this represents a theoretical attack surface for indirect prompt injection, the impact is minimized by structured data handling (JSON) and the specific nature of the research workflow. The skill is assessed as low risk in this category.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 02:23 AM