groove-utilities-memory-mistakes

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by recording user-provided mistake descriptions and root causes into the agent's persistent memory files.
    • Ingestion points: User-provided descriptions and root causes captured through the $ARGUMENTS variable or interactive prompts in SKILL.md.
    • Boundary markers: Absent; the skill appends user content to markdown files in the .groove/memory/learned/ directory without using delimiters to separate untrusted data from the agent's instructions.
    • Capability inventory: The skill has access to file system operations (Read, Write, Edit) and shell execution (restricted Bash access to git and beans) as specified in the SKILL.md file.
    • Sanitization: No sanitization, validation, or escaping of the user-provided text is performed before it is written to the persistent storage.
  • [COMMAND_EXECUTION]: The skill invokes external command-line utilities to manage tasks and version control.
    • Evidence: Uses the Bash tool with restricted prefixes to execute git commands and beans commands for task tracking, including listing, creating, and updating incidents.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 09:04 AM