mem0-memory
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The script scripts/visualization/setup-visualization-deps.sh dynamically installs several Python packages, including plotly, networkx, and matplotlib, using pip. Runtime installation of dependencies from external registries is a security risk if the registry or the packages themselves are compromised.
- CREDENTIALS_UNSAFE (MEDIUM): Multiple scripts, such as scripts/crud/add-memory.py, scripts/crud/search-memories.py, and scripts/crud/delete-memory.py, accept the MEM0_API_KEY via a command-line argument (--api-key). This practice exposes sensitive credentials to other users on the same system via process monitoring tools like ps and saves the secrets in the user's shell command history.
- PROMPT_INJECTION (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8).
  - Ingestion points: scripts/create/create-all-agent-memories.py reads content from all .md files in the agents/ directory.
  - Boundary markers: None identified; content is interpolated directly into memory messages.
  - Capability inventory: The skill uses client.add() and client.update() to write data to the remote Mem0 memory store via network calls.
  - Sanitization: No validation, filtering, or escaping of the ingested markdown content is performed before storage.
- COMMAND_EXECUTION (LOW): The script scripts/visualization/quick-visualize.sh uses the open command on macOS to launch a generated dashboard in the default browser.
- DATA_EXPOSURE (LOW): The client initialization library in scripts/lib/mem0_client.py attempts to load configuration from ~/.mem0.env in the user's home directory. Accessing files outside the project scope increases the attack surface for local sensitive data exposure.