sota-literature-review
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends several third-party Model Context Protocol (MCP) servers hosted on individual GitHub repositories (e.g., blazickjp/arxiv-mcp-server, akapet00/semantic-scholar-mcp, cyanheads/openalex-mcp-server) for fetching academic data. These are presented as recommendations in a catalog (references/mcp-catalog.md) rather than automated installation scripts, and the documentation explicitly advises users to re-check candidates and record risks before installation.
- [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process external content such as PDFs, Markdown files, and API data from research databases (arXiv, PubMed, etc.). This represents an attack surface for indirect prompt injection, where malicious instructions could be embedded in research papers.
  - Ingestion points: Untrusted data enters the context through files in sources/pdfs/ and sources/markdown/, and through external API responses from academic databases.
  - Boundary markers: The instructions do not specify explicit delimiters or boundary markers for the ingested content.
  - Capability inventory: The skill utilizes file read/write operations within the project repository and network access to well-known research APIs.
  - Sanitization: No specific sanitization or filtering logic is defined for the external research content.
- [DATA_EXPOSURE]: The skill provides clear security guidance in references/repository-contract.md, instructing the agent that generated configuration snippets must never contain sensitive information such as API keys, cookies, or session tokens. This is a positive security practice.
Audit Metadata