The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill uses npx to download and execute the @codevoyant/agent-kit package. This package name does not match the expected naming patterns for the author cloudvoyant (which would be @cloudvoyant/* or cloudvoyant-*), identifying it as an unverified external dependency.
[REMOTE_CODE_EXECUTION]: The skill performs remote code execution by running the unverified @codevoyant/agent-kit package via npx across multiple commands. Additionally, the init command in commands/init.md establishes persistence by adding a prompt hook to .claude/settings.json that automatically executes this remote package whenever a user submits a prompt.
[COMMAND_EXECUTION]: The skill interpolates user-derived strings directly into shell commands without explicit sanitization. This occurs in commands/find.md and commands/learn.md where inferred type and tag values are passed to the CLI tool via npx @codevoyant/agent-kit mem find --type <type> --tag <tag>, potentially allowing for command injection if these values contain shell metacharacters.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its knowledge management workflow.
Ingestion points: Knowledge content provided by the user in commands/learn.md is captured and saved to markdown files on the local filesystem.
Boundary markers: Absent; the skill does not use delimiters or instructions to isolate stored knowledge content from the rest of the agent's context during retrieval.
Capability inventory: The skill possesses significant capabilities, including shell command execution (npx), filesystem write access, and the ability to modify agent configuration files like CLAUDE.md and .claude/settings.json.
Sanitization: No sanitization, escaping, or validation is performed on the user-provided knowledge content before it is stored or subsequently loaded back into the active context during "recall" or "remember" operations.

mem2