interpreters

Warn

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • Dynamic Execution (MEDIUM): The skill contains a JIT compilation example in SKILL.md (Section 6) that uses mmap to allocate memory with PROT_READ | PROT_WRITE | PROT_EXEC permissions. This allows the program to write machine code bytes directly into memory and execute them by casting the pointer to a function type. While this is the intended purpose of a JIT-related skill, the use of simultaneous write and execute permissions (violating W^X principles) is a significant security risk if the input code is not strictly validated.
  • Indirect Prompt Injection (LOW): The skill is designed to process and execute bytecode. This creates an attack surface where an agent using this skill might unknowingly execute malicious logic if the bytecode is sourced from untrusted user input.
  • Ingestion points: Bytecode instruction stream processing in SKILL.md (e.g., uint8_t op = *ip++).
  • Boundary markers: Minimal; uses PUSH_SAFE for stack overflow but lacks comprehensive validation of the bytecode stream itself.
  • Capability inventory: Memory allocation (mmap), memory copying (memcpy), and direct execution of machine code via function pointers.
  • Sanitization: None provided in the simplified educational snippets.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 20, 2026, 03:23 PM