agent-v3-memory-specialist

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The post_execution hook contains a command injection vulnerability. It interpolates the $TASK variable directly into a shell command: npx agentic-flow@alpha memory store-pattern ... --task "Memory Unification: $TASK". An attacker or a malicious sub-task could provide a value containing shell metacharacters (e.g., ;, `, or $()) to execute arbitrary code in the agent's environment.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill utilizes npx agentic-flow@alpha in both pre_execution and post_execution hooks. This command downloads and executes a package from the npm registry at runtime. The package agentic-flow is not a trusted source, and the use of an @alpha version increases the risk of supply-chain attacks.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): The skill's architecture is designed to ingest and process untrusted external data.
      ◦ Ingestion points: MarkdownBackend reads local files via fs.readFile, and UnifiedMemoryService processes MemoryEntry data.
      ◦ Boundary markers: There are no delimiters or instructions provided to the agent to ignore or isolate instructions embedded within the ingested data.
      ◦ Capability inventory: The skill possesses the ability to execute shell commands (via npx hooks) and perform file/database operations.
      ◦ Sanitization: No sanitization, validation, or escaping logic is implemented for content entering the unified memory system, allowing for potential manipulation of agent behavior.
  • [INFO] (SAFE): The URLite scanner alert for this.ca is identified as a false positive. The string occurs as part of the internal code logic this.calculateImprovement() and does not represent a malicious external domain.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 02:54 AM