auto-claude-memory

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (CRITICAL): The skill contains a piped remote script execution pattern: curl -fsSL https://ollama.ai/install.sh | sh. This command downloads a script and immediately executes it with the user's current permissions, providing no opportunity to inspect the code for malicious content before it runs.
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill directs the installation of software from an external, untrusted source (ollama.ai). According to the trust-scope rules, this source is not part of the pre-approved list of trusted organizations, increasing the risk of downloading unverified or malicious binaries.
  • [COMMAND_EXECUTION] (MEDIUM): Documentation includes instructions for destructive local file system operations, such as rm -rf ~/.auto-claude/memories/embeddings. If these commands were automated or executed accidentally, they could lead to significant data loss.
  • [PROMPT_INJECTION] (LOW): The Graphiti memory system is vulnerable to indirect prompt injection (Category 8). Malicious instructions can be embedded in data processed by the agent and persisted in the knowledge graph.
    • Ingestion points: Data enters the system via the add_episode tool and through automatic insight extraction from agent sessions (SKILL.md).
    • Boundary markers: None identified in the provided documentation or configurations to distinguish between trusted instructions and untrusted data.
    • Capability inventory: The system includes the ability to query nodes/facts, add episodes, and execute Python scripts (query_memory.py) that interact with the knowledge graph.
    • Sanitization: The skill does not mention or implement sanitization or filtering of the stored insights to prevent the re-execution of injected instructions.
Recommendations
  • HIGH: Downloads and executes remote code from: https://ollama.ai/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 17, 2026, 05:50 PM