
mem-record

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Primary finding: COMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill instructs the agent to execute shell commands (specifically Grep) using keywords extracted directly from user conversations in SKILL.md and references/protocol.md. For example: Grep "{关键词}" AI_MEMORY/L1_情境层/. There are no instructions provided to sanitize or escape these keywords. A malicious user could craft an input containing shell metacharacters (e.g., ;, |, $(...)) to achieve arbitrary command execution on the host system.
  • DATA_EXPOSURE (LOW): The skill's primary function is to read, extract, and write user data to a local directory structure (AI_MEMORY/). While intended, this creates a persistent repository of potentially sensitive information that is accessed and modified by the agent.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill provides a surface for indirect injection by storing untrusted user content in memory files that are later read by the agent to identify patterns and suggest cognitive/core changes.
  • Ingestion points: Conversation content extracted in SKILL.md Step 1.
  • Boundary markers: Absent; data is stored in markdown files without delimiters or sanitization.
  • Capability inventory: File read/write access to the AI_MEMORY/ directory and shell execution via Grep.
  • Sanitization: None; the scripts/update_memory.py script and markdown templates lack logic to escape or validate user-provided strings before storage or command execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:04 PM