recursive-language-model

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The script scripts/rlm_repl.py utilizes the exec() function to process commands. This allows for arbitrary code execution on the host machine. In an agentic environment, this poses a risk if the agent is tricked into executing malicious commands found in the analyzed documents.
  • [DYNAMIC_EXECUTION] (HIGH): The skill uses pickle.load() to restore its state from /tmp/rlm_state.pkl. Because pickle is inherently insecure and can be used to trigger arbitrary code execution, and because /tmp is a shared directory, this creates a vulnerability for local privilege escalation or code execution.
  • [DATA_EXPOSURE] (MEDIUM): Sensitive document data is stored in a predictable, shared location (/tmp), potentially exposing it to other users on the same system.
  • [PROMPT_INJECTION] (LOW): The skill is inherently designed to read and process untrusted external files, making it a target for indirect prompt injection.
  • Ingestion points: Document content is loaded in scripts/rlm_repl.py via the init command.
  • Boundary markers: None; the content is loaded as a raw string into the agent's context without delimiters.
  • Capability inventory: The skill provides full Python execution via exec() and file system writing via write_chunks().
  • Sanitization: None; document content is processed as-is.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 21, 2026, 04:23 PM