paper-writing

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs local tools such as extract_paper_style.py and verify_paper_audits.sh through shell commands. If values taken from $ARGUMENTS (for example the --style-ref source) are interpolated into those bash snippets without validation or quoting, a crafted argument can append additional shell commands or be read by the tool as an option rather than a value.
  • [EXTERNAL_DOWNLOADS]: The pipeline fetches external content from URLs or arXiv IDs through extract_paper_style.py, so untrusted data is pulled into the research workflow; because the reference is user-controlled, the fetch can also be pointed at hosts the skill was never meant to contact unless the accepted sources are restricted.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection: it processes large untrusted documents (research narratives, style reference papers) that may carry hidden instructions steering the agent's output during paper generation. Capability inventory: the skill can write files, execute shell commands, and call other agent skills, so an injected instruction has real side effects. Ingestion points: user arguments and report files. The instruction set defines no boundary markers or sanitization for ingested text.
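The following shell script is an added illustration of the three findings above; it is not code from the paper-writing skill or from Gen Agent Trust Hub. It takes the tool name extract_paper_style.py from the audit text, but the --style-ref flag spelling, every function name, the arxiv.org-only allowlist, and the marker format are assumptions. It contrasts the injectable pattern (a user value spliced into a command string that a shell re-parses) with a validated value passed as its own argv element, and adds a nonce-bearing envelope for ingested documents so their text cannot forge the boundary markers.

```shell
#!/bin/sh
# Added example for the paper-writing audit; not the skill's own code.
# Assumptions: the skill hands a user-supplied --style-ref value to
# extract_paper_style.py (tool name from the audit; flag spelling and all
# function names here are hypothetical), and the only acceptable references
# are arXiv IDs or https URLs on arxiv.org hosts (an assumed policy).

# Vulnerable pattern: the untrusted value is spliced into a command string that
# a shell re-parses, so a ';' in the value starts a second command. `true`
# stands in for the real tool so the example runs offline.
run_unsafe() {
  sh -c "true --style-ref $1"
}

# Allowlist validation. Returns 0 for an acceptable value, 1 otherwise.
validate_style_ref() {
  case "$1" in
    ''|-*) return 1 ;;                    # empty, or would be parsed as a flag
    *[!A-Za-z0-9./:?=_~-]*) return 1 ;;   # any byte outside the allowlist:
                                          # ; & | $ ` quotes, spaces, newlines
  esac
  # Shape check: new-style arXiv ID (optionally versioned) or an https URL on
  # an arxiv.org host. This is also where the EXTERNAL_DOWNLOADS policy lives:
  # no other hosts, no plain http.
  printf '%s' "$1" | grep -Eq \
    '^([0-9]{4}\.[0-9]{4,5}(v[0-9]+)?|https://(export\.)?arxiv\.org/[A-Za-z0-9./?=_~-]+)$'
}

# Stand-in for the tool: reports how many argv elements it received and the
# last one, so a caller can confirm the value arrived as a single argument.
tool_stub() {
  for a; do last=$a; done
  printf '%d args, last=[%s]\n' "$#" "$last"
}

# Hardened pattern: validate, then pass the value as its own argv element.
# No eval, no string interpolation, nothing for a shell to re-parse.
# In the real skill, replace tool_stub with: python3 extract_paper_style.py
run_safe() {
  validate_style_ref "$1" || { printf 'rejected --style-ref value\n' >&2; return 1; }
  tool_stub extract_paper_style.py --style-ref "$1"
}

# Boundary markers for ingested text (the PROMPT_INJECTION finding): wrap the
# document in BEGIN/END markers carrying a per-run nonce and defuse any marker
# the document itself contains, so it cannot close the envelope and pass off
# its own text as instructions. $1 = file, $2 = label, $3 = nonce (random if
# omitted).
wrap_untrusted() {
  nonce=${3:-$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')}
  printf '<<<BEGIN UNTRUSTED %s nonce=%s>>>\n' "$2" "$nonce"
  sed -E 's/<<<(BEGIN|END) UNTRUSTED/<<<(forged marker removed) \1 UNTRUSTED/g' "$1"
  printf '<<<END UNTRUSTED %s nonce=%s>>>\n' "$2" "$nonce"
}
```

The allowlist is deliberately narrow: rejecting everything outside a small character set before the shape check means the regex never has to enumerate shell metacharacters, and a leading dash is refused so the value can never be taken as an option by the tool's argument parser. The envelope only helps if the prompt that consumes it tells the model that text between the markers is data, not instructions; the nonce stops a document from guessing the marker string in advance.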
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 18, 2026, 06:06 PM
Security Audit — agent-trust-hub — paper-writing