The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The MCP server (mcp/server.py) dynamically loads and executes Python modules from neighboring skill directories (such as skill-system-debug) using importlib. This architectural choice creates a dependency on the integrity of neighboring file structures.
[COMMAND_EXECUTION]: The skill makes extensive use of shell command execution across various scripts (mem.sh, tasks.sh, log-compaction.sh) and its JavaScript plugin to interact with the PostgreSQL environment via the psql binary.
[EXTERNAL_DOWNLOADS]: Installation scripts (setup-pgvector.ps1) download source code from official GitHub repositories and use system package managers like winget to install build tools. These are well-known technology services.
[DATA_EXFILTRATION]: Memory content is sent to external embedding providers (OpenAI) when configured via environment variables. This creates a data path to external services that users should verify.
[PROMPT_INJECTION]: The memory_sync tool ingests content from external markdown files into the database. This creates an attack surface for indirect prompt injection if those files contain malicious instructions that are later retrieved and injected into the agent context.

skill-system-memory