conport-memory
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Finding categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill fetches and executes 'mcporter' from npm and 'context-portal-mcp' from PyPI at runtime. These packages and their maintainers are not on the provided list of trusted sources, creating a supply-chain risk.
- REMOTE_CODE_EXECUTION (MEDIUM): Commands use 'npx' and 'uvx' to download and run code dynamically. Without version pinning, the agent will execute whatever version is current on the registry, which could be compromised.
- COMMAND_EXECUTION (LOW): The skill relies on shell command execution to perform its primary functions. While intended, this increases the attack surface if user-provided content is improperly escaped during tool calls.
- PROMPT_INJECTION (LOW): The skill creates an Indirect Prompt Injection surface by ingesting untrusted data from the local SQLite database.
  - Ingestion points: SKILL.md specifies multiple tools like 'conport.get_product_context' and 'conport.get_active_context' that read previously stored data into the agent's context.
  - Boundary markers: No delimiters or safety instructions are present to prevent the agent from following instructions embedded in the retrieved memory.
  - Capability inventory: The skill has the capability to execute shell commands ('npx', 'uvx') and read/write to the file system.
  - Sanitization: There is no evidence of input validation or sanitization for data retrieved from the ConPort database.
Audit Metadata