fulltext-skills
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection by ingesting untrusted text and source code from external scholarly databases.
  - Ingestion points: Research paper metadata, LaTeX source files from arXiv, and full-text XML/JSON from PMC and BioC-PMC.
  - Boundary markers: None are implemented in the provided Python and shell snippets.
  - Capability inventory: The skill performs network requests via requests and urllib and writes files to the local disk.
  - Sanitization: No content validation or escaping is applied to the retrieved text before it is processed or displayed.
- [DATA_EXFILTRATION]: The skill correctly demonstrates secure handling of sensitive API credentials (such as CORE_API_KEY and UNPAYWALL_EMAIL) by accessing them through system environment variables rather than hardcoding them.
- [SAFE]: All network operations are directed at well-known and reputable academic infrastructure, including NCBI, arXiv (Cornell University), CORE, DOAJ, Unpaywall, and the Open Science Framework (OSF).
Audit Metadata