
agent-brain

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE

PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from user messages and external URLs for fact extraction, creating a potential surface for indirect prompt injection attacks where malicious instructions could be embedded in the data being processed.
  • Ingestion points: Content enters the system via user message processing in the Archive module and external URL fetching described in modules/ingest/SKILL.md.
  • Boundary markers: The skill does not programmatically enforce strict delimiters or boundary markers to separate instructions from untrusted data during the extraction phase.
  • Capability inventory: The skill possesses capabilities for database writes, local script execution via memory.sh, and network requests for cloud synchronization and embeddings.
  • Sanitization: The skill mitigates risks by implementing PII filtering and providing clear guidelines for URL validation and SSRF prevention.
  • [SAFE]: The engine includes a built-in PII and secret detection function (is_sensitive_content in brain.py) that uses regular expressions to identify and block the storage of sensitive patterns such as AWS keys, private keys, and passwords.
  • [SAFE]: The Ingest module provides security guidelines that instruct the agent to validate URLs and explicitly reject private IP ranges and internal hostnames, protecting the environment from SSRF (Server-Side Request Forgery).
  • [SAFE]: All network operations, including optional synchronization with the SuperMemory cloud service and fetching of remote embeddings, are documented and require explicit user configuration (e.g., providing an API key).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 10:49 AM