remember

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting arbitrary user-supplied text to be stored as 'observations' or 'entities' within a knowledge graph.
  • Ingestion points: The <text> argument in the /ork:remember command is the primary entry point for untrusted data into the memory system.
  • Boundary markers: Absent. The skill does not wrap the user-provided text in delimiters or provide 'ignore embedded instructions' warnings when storing or preparing the data for the knowledge graph.
  • Capability inventory: The skill possesses the Bash tool and various MCP memory tools (mcp__memory__create_entities, etc.), which could be targeted if an agent later retrieves a malicious instruction from memory.
  • Sanitization: No sanitization or safety filtering is performed on the input text; the only processing is truncation to a maximum character length.
  • [COMMAND_EXECUTION]: The skill explicitly requests the Bash tool in its allowed-tools configuration. While the documented workflow focuses on knowledge graph operations, the inclusion of a shell environment provides a capability for local command execution on the host system.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 25, 2026, 03:14 PM