The Agent Skills Directory

[COMMAND_EXECUTION]: The orchestrator (scripts/investigate.py) and various sub-agents (scripts/investigate_visual.py, scripts/analysis/hybrid_scorer.py) frequently use subprocess.run() and subprocess.Popen() to execute local Python scripts and external tools. While these operations are core to the skill's functionality, they represent a significant command execution surface.
[REMOTE_CODE_EXECUTION]: The mentor-distill/app.py script uses pickle.load() to load vector data stores. Although the file is generated locally, the input for that generation is derived from user-uploaded documents (PDFs, Markdown). Unsafe deserialization is a high-risk pattern that can lead to arbitrary code execution if an attacker can manipulate the stored data or find a path to overwrite the local storage.
[REMOTE_CODE_EXECUTION]: Several analysis scripts, including scripts/analysis/citation_profiler.py and scripts/analysis/text_profiler.py, utilize the __import__ function for dynamic module loading. This pattern is often flagged as a risk for code injection if module paths are not strictly controlled.
[EXTERNAL_DOWNLOADS]: The skill fetches data from several external academic APIs such as OpenAlex, Semantic Scholar, and Crossref. Additionally, the documentation suggests using the uv tool to execute external code from the wechat-article-to-markdown package at runtime.
[PROMPT_INJECTION]: The skill has a large surface for Indirect Prompt Injection. It is designed to ingest untrusted data from academic papers, monographs, and social media platforms like WeChat and Xiaohongshu. This external content is extracted and interpolated into prompts for the AI agent during the final synthesis and report generation stages. Without rigorous sanitization or delimited boundaries, malicious instructions hidden within these documents could be used to manipulate the agent's output or bypass constraints.

academic-investigation