scientific-toolkit-skill

Fail

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent to install the parallel-cli tool using a piped bash command: curl -fsSL https://parallel.ai/install.sh | bash. This pattern is highly insecure: it downloads and executes a remote script that is never inspected or integrity-checked, with the full permissions of the current user.
  • [COMMAND_EXECUTION]: Multiple Python scripts in the toolkit use subprocess.run() to execute system-level commands and external binaries, including:
      ◦ pandoc for PDF generation in literature-review/scripts/generate_pdf.py.
      ◦ soffice (LibreOffice) for spreadsheet recalculation in xlsx/scripts/office/soffice.py.
      ◦ System diagnostic tools such as sysctl and vm_stat in timesfm-forecasting/scripts/check_system.py.
  • [DATA_EXFILTRATION]: The skill uses network-enabled libraries (requests) and tools (parallel-cli search, WebFetch) to interact with numerous academic APIs and web services. While necessary for its functionality (paper lookups, metadata extraction), these capabilities, when combined with the agent's access to local project files and sensitive environment variables (e.g., MP_API_KEY, NCBI_API_KEY), create a vector for potential data exfiltration.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection. It is designed to ingest and process data from untrusted external sources, including:
      ◦ Web search results and extracted full-text content from parallel-cli.
      ◦ PDF files via pdfplumber and pypdf.
      ◦ Scientific data formats and spreadsheets.
      ◦ Academic database API responses.
    The absence of explicit boundary markers or instructions to ignore embedded commands in these data streams, combined with powerful tools like Bash, Write, and various Python execution scripts, allows malicious instructions hidden in research papers or data files to potentially hijack the agent's behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 15, 2026, 01:00 PM
Security Audit — agent-trust-hub — scientific-toolkit-skill