memos-memory-guide

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to retrieve historical conversation data, which naturally involves processing untrusted data from past interactions.
      ◦ Ingestion points: Data is retrieved from the memory system via the memory_search, memory_get, and task_summary tools.
      ◦ Boundary markers: The guide does not specify explicit markers for isolating retrieved memory content from current instructions.
      ◦ Capability inventory: The skill provides access to logic-modifying tools like skill_install and data-sharing tools like memory_share.
      ◦ Sanitization: No explicit sanitization or validation of the retrieved memory content is described in the manual.
      ◦ Context: These risks are inherent to any long-term memory system and are addressed by the platform's core architecture rather than the skill guide itself.
  • [REMOTE_CODE_EXECUTION]: The skill documents tools for dynamic capability extension within the agent's environment.
      ◦ Evidence: The skill_install and network_skill_pull tools allow the agent to download and install new skills. These are described as standard platform features for extending agent functionality through learned experiences.
  • [DATA_EXFILTRATION]: The skill includes tools for moving data between local and shared environments.
      ◦ Evidence: The memory_share, skill_publish, and task_share tools facilitate the sharing of information from an agent's local workspace to a configured team server. This behavior is the stated purpose of the collaborative sharing features in the MemOS system.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 31, 2026, 01:23 PM