The Agent Skills Directory

Prompt Injection (LOW): The file 'references/context_manager_mode.md' provides instructions that redefine the agent's persona into a 'Context Manager' and explicitly grant it 'Decision Authority' to act autonomously. While designed for efficiency, these instructions could lead the agent to prioritize skill-specific behaviors over broader safety constraints if manipulated.
Indirect Prompt Injection (LOW): The skill is designed to read and process 'claude.md' files within a user's repository, which serves as an attack surface. Ingestion points: 'scripts/create_index.py' and 'scripts/validate_claude_md.py' read and parse the content of external documentation files. Boundary markers: No specific delimiters or 'ignore' instructions are used when reading these files. Capability inventory: The agent is instructed to execute local Python scripts and modify files within the repository. Sanitization: There is no evidence of sanitization or safety-filtering for the content of the 'claude.md' files before they are processed by the agent.
Command Execution (SAFE): Analysis of the provided Python scripts ('scan_repo.py', 'generate_claude_md.py', 'create_index.py', and 'validate_claude_md.py') shows they perform standard local file system operations like directory traversal and text processing using standard libraries. No network activity, obfuscation, or privilege escalation patterns were detected.

claude-context-manager