k-research-note

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts scripts/docx_builder.py and scripts/pdf_builder.py utilize subprocess.check_call to run pip install commands. This allows the skill to modify the system environment by installing external software at runtime.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the python-docx and fpdf2 packages from the public PyPI registry at runtime. These dependencies are not pinned to specific versions, so behavior may vary between runs and a compromised or malicious package version would be installed without notice (supply chain risk).
  • [DATA_EXFILTRATION]: The scripts/data_processor.py component is designed to read and parse files from any local path provided by the user. Because the skill incorporates the content of these files into generated research notes, there is a risk of exposing sensitive data or configuration files if the agent is instructed to process them.
  • [PROMPT_INJECTION]: The skill processes untrusted external data from user-specified files, which creates a surface for indirect prompt injection. 1) Ingestion: scripts/data_processor.py reads files from the filesystem; 2) Boundaries: No explicit delimiters or instructions are used to separate external data from agent instructions; 3) Capabilities: The skill can write files and execute shell commands; 4) Sanitization: Content is truncated but not sanitized for potential injection patterns.
  • [COMMAND_EXECUTION]: The workflow defined in SKILL.md instructs the agent to execute shell commands to run the scripts/generate_note.py entry point, passing JSON configurations and file paths as arguments.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 28, 2026, 08:33 AM