agentdb-advanced-features

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The script resources/scripts/multi_db_manage.sh repeatedly invokes npx agentdb@latest to perform database operations. This behavior downloads and executes the latest version of a package from the npm registry at runtime without version pinning or integrity verification, posing a severe supply-chain risk.
  • PROMPT_INJECTION (HIGH): Category 8 (Indirect Prompt Injection) Analysis:
    ◦ Ingestion points: resources/scripts/quic_sync.py listens on UDP port 4433 for pattern data from network peers.
    ◦ Boundary markers: Absent. Data received over the network is parsed as JSON and processed without delimiters or instructions to ignore embedded commands.
    ◦ Capability inventory: The skill manages a reasoning_bank (reasoning.db) and knowledge_base, which directly influence agent decision-making logic.
    ◦ Sanitization: None detected. Malicious peers can synchronize 'reasoning patterns' containing adversarial instructions that the agent may later adopt as its own logic.
  • EXTERNAL_DOWNLOADS (HIGH): The skill depends on several external libraries and tools (agentdb, aioquic, numpy) and specifically encourages the use of unpinned versions (@latest), increasing the likelihood of unauthorized code execution via dependency confusion or package takeover.
  • COMMAND_EXECUTION (MEDIUM): multi_db_manage.sh executes several shell commands (sqlite3, cp, npx) with parameters derived from configuration files and command-line arguments, which could be exploited if an attacker can influence the configuration values.
  • DATA_EXPOSURE (MEDIUM): The QUIC configuration (resources/templates/quic-config.yaml) sets verify_mode: false for TLS. While labeled for development, this disables peer certificate verification, making the database synchronization vulnerable to Man-in-the-Middle (MitM) attacks and data interception.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 12:37 PM