Literature Search Workflow

The skill bundle contains a hardcoded API key for the Tavily search service in `scripts/literature_search.py` (`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`), which constitutes a security vulnerability. Additionally, `UPLOAD_GUIDE.md` includes hardcoded local file paths (e.g., `C:\Users\13600\...`) from the author's environment, indicating poor hygiene. While the code logic is aligned with the stated purpose of performing academic literature searches and lacks clear malicious intent, the inclusion of hardcoded credentials warrants a suspicious classification.