cheatengine-mcp-automation

Audit result: Fail

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: HIGH
Threat categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill explicitly supports an environment variable CE_MCP_ALLOW_SHELL=1 which enables the agent to execute arbitrary shell commands on the host system.
  • [COMMAND_EXECUTION]: The create_process tool allows the agent to launch arbitrary executables with user-defined parameters, potentially leading to unauthorized software execution.
  • [COMMAND_EXECUTION]: The skill facilitates the installation of DBVM, a Ring -1 hypervisor, which provides the agent with extremely high-level system privileges and the ability to bypass standard security controls.
  • [REMOTE_CODE_EXECUTION]: The execute_code tool allows the agent to run raw machine code (shellcode) within target processes.
  • [REMOTE_CODE_EXECUTION]: The inject_dll tool allows the agent to load external libraries into memory, facilitating arbitrary code execution in the context of other applications.
  • [DATA_EXFILTRATION]: The suite of memory-reading tools (read_memory, read_string, read_pointer_chain, read_bytes) grants the agent the capability to extract sensitive information from the memory space of any process it attaches to.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it is designed to ingest and interpret data from external, untrusted processes.
      • Ingestion points: Tools such as read_string, disassemble, read_memory, and get_rtti_classname ingest data from target process memory (SKILL.md).
      • Boundary markers: No boundary markers or instructions are provided to help the agent distinguish between data and potential malicious commands embedded in process memory.
      • Capability inventory: The skill provides high-impact tools including execute_code, inject_dll, and create_process (SKILL.md).
      • Sanitization: There is no evidence of sanitization or validation of the data read from external processes before it enters the agent's context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 18, 2026, 06:40 PM
Security Audit — agent-trust-hub — cheatengine-mcp-automation