rlm-search

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute local Python scripts such as query_cache.py and inventory.py, as well as standard search tools like grep and ripgrep (rg). These operations are used for repository navigation and orientation, which is consistent with the skill's stated purpose and intended functionality.
  • [PROMPT_INJECTION]: The search functionality introduces a potential surface for indirect prompt injection, since the agent ingests content from the repository.
    • Ingestion points: Search results from the RLM cache (via query_cache.py), the vector database (via vector-db-search), and keyword matches (via grep/rg) are incorporated into the agent's context during operation.
    • Boundary markers: Absent; the skill lacks specific instructions or delimiters directing the agent to ignore potentially malicious instructions embedded in the indexed content.
    • Capability inventory: The agent has access to shell execution and filesystem operations across multiple scripts provided in the repository.
    • Sanitization: No sanitization or validation of search results is performed before they are processed by the agent. This is noted as an inherent risk for search-oriented skills rather than an active vulnerability.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 3, 2026, 06:09 PM