AgentDB Vector Search

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill instructions rely heavily on npx agentdb@latest. This pattern downloads and executes the latest version of the agentdb package from the NPM registry at runtime. Because the source organization ruvnet is not within the Trusted External Sources list, this represents an unverifiable remote code execution risk.
  • [Persistence Mechanisms] (HIGH): The instruction to use claude mcp add agentdb npx agentdb@latest mcp establishes a persistence mechanism. This adds a command to the agent's configuration that fetches and executes remote code every time the agent initializes its MCP servers.
  • [Indirect Prompt Injection] (HIGH): The 'RAG (Retrieval Augmented Generation)' implementation example in SKILL.md is highly vulnerable.
      ◦ Ingestion points: Data is retrieved from the vector database via db.searchSimilar.
      ◦ Boundary markers: Absent. The retrieved context is directly concatenated into the prompt: Context: ${context.map(c => c.text).join('\n')}.
      ◦ Capability inventory: The interpolated prompt is passed directly to llm.generate, which governs the agent's output and subsequent reasoning steps.
      ◦ Sanitization: Absent. There is no escaping or filtering of the retrieved document content, allowing an attacker to embed malicious instructions within stored documents that the agent will follow when they are retrieved.
  • [Dynamic Execution] (MEDIUM): The skill uses npx to dynamically fetch and run an MCP server and benchmark tools, which bypasses static security analysis of the underlying executable logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 03:28 AM