The Agent Skills Directory

Indirect Prompt Injection (HIGH): The skill possesses a high vulnerability surface for indirect prompt injection due to its interaction with untrusted data and write-capable tools. * Ingestion Points: Data enters the context through mcp__memory__add_observations and mcp__memory__create_entities based on external sources like 'Discovered Patterns', 'Bug Solutions', and 'Session Summaries' as described in SKILL.md. * Boundary Markers: Absent. The instructions do not define delimiters to isolate untrusted content from the agent's instructions. * Capability Inventory: The skill is explicitly allowed to use Write, Edit, and mcp__memory__* tools in the YAML frontmatter. * Sanitization: None. There is no requirement for the agent to sanitize or validate the content before storing it in the knowledge graph. * Threat: Malicious instructions hidden in code comments or bug reports could be permanently stored and later triggered when the agent 'recalls' the pattern, leading to unauthorized file system operations or behavior override.

memory-management