ableton-live-mcp-control

Fail

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill provides an "Automated Setup" prompt and manual instructions that direct the agent to download and install an MCP server from a third-party GitHub repository (https://github.com/bschoepke/ableton-live-mcp). This repository is not maintained by the stated author and contains unvetted code that could execute with user privileges.
  • [EXTERNAL_DOWNLOADS]: The installation instructions require cloning a remote git repository and installing unpinned dependencies from a requirements.txt file, introducing significant supply chain risks.
  • [COMMAND_EXECUTION]: The evaluate_python tool enables the execution of arbitrary Python code within the Ableton Live environment. This provides a direct path for the agent to perform unauthorized system operations or access sensitive data through standard Python libraries.
  • [DATA_EXFILTRATION]: The capture_audio tool allows the agent to record audio from Ableton tracks and returns the result as a base64-encoded WAV string. This capability, combined with the ability to read local file paths in tools like insert_audio_file, creates a path for data exfiltration from the local machine to the AI provider.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection.
    • Ingestion points: External data enters the agent context through the get_live_set_info and capture_audio tools, which read state from Ableton Live.
    • Boundary markers: There are no instructions or delimiters used to ensure the agent treats data from Ableton as untrusted or ignores potential instructions embedded in track names or device metadata.
    • Capability inventory: The skill has access to evaluate_python (arbitrary code execution), insert_audio_file (file system access), and add_track (modifying the Live Set).
    • Sanitization: There is no evidence of validation or sanitization of the data retrieved from the Ableton environment before it is used by the agent to make decisions or execute code.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 16, 2026, 10:48 PM
Security Audit — agent-trust-hub — ableton-live-mcp-control