The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses shell commands to interact with external APIs and system configurations.
Evidence: SKILL.md and references/core-runtime.md contain curl -sS https://agent.metengine.xyz/health.
Evidence: references/core-extended.md provides instructions to modify the user's crontab: 0 0 * * 0 curl -sL https://www.metengine.xyz/skill.md -o ~/.claude/agents/metengine-data-agent.md.
[EXTERNAL_DOWNLOADS]: Downloads remote documentation and updated instruction files from vendor-controlled domains and GitHub.
Evidence: SKILL.md lists https://raw.githubusercontent.com/MetEngine/skill/main/references/docs-index.json as a source for remote fetching.
[DATA_EXFILTRATION]: The skill accesses sensitive local configuration files used for storing cryptographic keys.
Evidence: references/core-extended.md instructs the agent to read ~/.config/solana/id.json to access the Solana wallet.
Evidence: The skill encourages maintaining a 'Session Memory' file at ~/.claude/agents/metengine-memory.md which stores system paths and client bootstrap code.
[REMOTE_CODE_EXECUTION]: Implements a mechanism that overwrites the agent's primary instruction file with content fetched from a remote server, allowing for remote modification of the agent's behavior.
Evidence: references/core-extended.md defines a workflow to overwrite ~/.claude/agents/metengine-data-agent.md using curl from metengine.xyz.
[PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting and acting upon data from external analytics APIs.
Ingestion points: API responses from agent.metengine.xyz (referenced in SKILL.md and references/core-extended.md).
Boundary markers: None present in the instruction set to delimit untrusted API data.
Capability inventory: Shell execution (curl), file system writes (auto-update), and network access (fetch).
Sanitization: No evidence of sanitization or validation for data returned from the analytics endpoints.

metengine-data-agent