The Agent Skills Directory

Unverifiable Dependencies & Remote Code Execution (HIGH): The installation guide (references/installation-guide.md) recommends piping a remote script directly to a shell: curl -LsSf https://astral.sh/uv/install.sh | sh. This executes unverified remote code from a domain (astral.sh) not on the trusted list.\n- Persistence Mechanisms (HIGH): The interactive setup guide (references/interactive-setup.md) instructs users to append environment variables to their shell profile: echo 'export OPENAI_API_KEY="..."' >> ~/.bashrc. Modifying shell configuration files is a persistence mechanism that can be abused to execute code or manipulate environment settings across sessions.\n- Privilege Escalation (HIGH): The installation guide (references/installation-guide.md) contains commands using sudo to install system dependencies: sudo apt-get install build-essential. AI agents executing commands with administrative privileges pose a major risk to the host environment.\n- Indirect Prompt Injection (LOW): As a RAG (Retrieval-Augmented Generation) tool, this skill possesses an inherent surface for indirect prompt injection. \n
Ingestion points: Untrusted document folders are processed via the agent-brain index command. \n
Boundary markers: Absent; query results in the API reference (references/api_reference.md) show raw text chunks without delimiters or safety instructions. \n
Capability inventory: The skill uses network operations (httpx in scripts/query_domain.py) and local CLI execution. \n
Sanitization: No evidence of sanitization or instruction-filtering for indexed content.\n- External Downloads (LOW): The version management guide (references/version-management.md) performs dynamic requests to PyPI to resolve versions: curl -sf https://pypi.org/pypi/agent-brain-rag/json.

using-agent-brain