mem-skill

Warn

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the global installation of an external Node.js package, @tobilu/qmd, via the npm install -g command during its initialization process if the QMD memory engine is selected. This package originates from a source that is not listed as a trusted vendor or a well-known service. Additionally, the skill utilizes npx to check the status of the tool, which may also trigger downloads from the NPM registry.
  • [COMMAND_EXECUTION]: The skill has an extensive command execution footprint. It relies on executing shell commands for its core functionality, including the qmd CLI for semantic search and indexing, sed for in-place configuration file modification, and python3 -c for JSON parsing and version management across several scripts (init.sh, bump-version.sh, and package.sh).
  • [PROMPT_INJECTION]: The skill is inherently vulnerable to indirect prompt injection due to its design as a retrieval-augmented memory system. It automatically reads and injects content from local Markdown files into the agent's conversation context without sufficient sanitization or the use of boundary delimiters.
      ◦ Ingestion points: Untrusted data enters the context from files located in knowledge-base/*.md and experience/*.md, which are updated based on past conversations.
      ◦ Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when retrieving and inserting knowledge or experience entries.
      ◦ Capability inventory: The skill possesses significant capabilities, including filesystem write access and the ability to execute shell commands via subprocesses.
      ◦ Sanitization: There is no evidence of validation or escaping of the Markdown content before it is interpolated into the agent's prompts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 3, 2026, 03:25 PM