moai-formats-data

Warn

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [DYNAMIC_EXECUTION]: The module modules/caching-performance.md utilizes the pickle library for both memory estimation and persistent caching. Specifically, the MultiLevelCache._load_persistent_cache method calls pickle.load(f) on a file path. Because pickle deserialization can execute arbitrary code and the skill operates in an environment with file system access (Write/Edit tools), this presents a significant security risk if the cache file is tampered with or replaced by an attacker.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to process, decode, and validate various data formats (TOON, JSON, YAML) from external sources. This ingestion surface is vulnerable to indirect prompt injection if the data contains malicious instructions that the agent might interpret as commands. While the skill includes a DataValidator module, its effectiveness depends on strict schema enforcement by the implementation.
  • [COMMAND_EXECUTION]: The combined presence of file manipulation tools (Write, Edit) and unsafe deserialization logic (pickle.load) creates a pathway for persistent command execution if the agent is manipulated into writing a malicious payload to the cache location.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 31, 2026, 08:35 PM