The Agent Skills Directory

[COMMAND_EXECUTION]: The execute_agent_code tool provides a capability for the agent to execute JavaScript and TypeScript code. While the documentation states this occurs within a WASM sandbox, the presence of a tool for dynamic code execution represents a significant attack surface if the sandbox environment is bypassed or misconfigured.\n- [EXTERNAL_DOWNLOADS]: The documentation for setup and validation recommends using the command npx -y @modelcontextprotocol/inspector. This operation involves downloading and executing external code from the npm registry at runtime to facilitate testing and implementation checks.\n- [PROMPT_INJECTION]: The skill operates as an episodic memory system, which creates a risk for indirect prompt injection if malicious instructions are stored in the memory database from previous untrusted inputs and retrieved during later sessions.\n
Ingestion points: Untrusted data enters the system context through search queries in query_memory and task inputs in execute_agent_code.\n
Boundary markers: No specific boundary markers or delimiters are documented to isolate retrieved memory content from the agent's core instructions.\n
Capability inventory: The skill possesses high-privilege capabilities including the ability to query a persistent memory database and execute code via the execute_agent_code tool.\n
Sanitization: Although a sandbox is mentioned for code execution, there is no mention of sanitizing or filtering textual data retrieved from the memory database before it is processed by the agent.

do-memory-mcp