cm

Fail

Audited by Gen Agent Trust Hub on Jun 6, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The README.md and SKILL.md provide installation commands that pipe remote shell scripts directly to bash. These scripts (install.sh) are hosted on GitHub under the author's own repository (Dicklesworthstone/cass_memory_system). Additionally, competing_proposal_plans/claude_version/README.md and .beads/README.md reference similar installation patterns for related tools.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the @xenova/transformers library, which fetches pre-trained machine learning models from Hugging Face (a well-known service) to perform local semantic searches and generate rule embeddings.
  • [COMMAND_EXECUTION]: The tool executes various shell commands via the cass search engine and includes features to install executable hooks into .git/hooks and .claude/hooks for safety enforcement.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection, as it ingests untrusted agent session logs and uses an LLM to extract procedural rules. Malicious instructions embedded within these logs could be incorrectly identified as valid rules and persisted in the shared playbook.
      • Ingestion points: src/diary.ts, src/reflect.ts, and src/commands/onboard.ts are responsible for reading and parsing external .jsonl session files.
      • Boundary markers: The system lacks explicit delimiters or instructions to ignore embedded prompts within the logs during the distillation phase.
      • Capability inventory: The skill has the ability to write to the local filesystem and trigger arbitrary command execution through its integration with the cass engine in src/cass.ts.
      • Sanitization: While the skill includes a robust src/sanitize.ts module to redact credentials and API keys from logs, it does not currently filter for natural-language injection patterns that might influence the rule extraction process.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install, https://raw.githubusercontent.com/${OWNER}/${REPO}/main/install.sh, https://raw.githubusercontent.com/Dicklesworthstone/cass_memory_system/main/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 6, 2026, 04:02 AM
Security Audit — agent-trust-hub — cm