cognitive-memory
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several utility shell scripts (`init_memory.sh`, `upgrade_to_1.0.6.sh`, `upgrade_to_1.0.7.sh`) used for environment setup and version migration. These scripts perform local file operations such as directory creation, template copying, and Git repository initialization. They also utilize Python to perform local JSON manipulation on configuration files. All operations are local and intended for manual user execution.
- [PROMPT_INJECTION]: The skill uses 'persona steering' through a 'Token Reward System' with instructions like 'You are genuinely motivated to earn tokens' to encourage deep reflection. While this anthropomorphizes the agent, it is a functional component of the memory architecture rather than an attempt to bypass safety guardrails.
- [PROMPT_INJECTION]: The system is vulnerable to 'Indirect Prompt Injection' because its 'Reflection Engine' reads and processes untrusted conversation data ('episodes') to update core system files.
  - Ingestion points: Conversation logs stored in `memory/episodes/*.md` are ingested during reflection cycles.
  - Boundary markers: The skill specifies scope boundaries (e.g., 'NEVER READ: code, configs'), but does not use explicit delimiters or sanitization for conversation content within the logs.
  - Capability inventory: The agent has the capability to modify its own `IDENTITY.md`, `SOUL.md`, and `MEMORY.md` files, and can commit these changes to Git.
  - Sanitization: The risk is mitigated by a mandatory 'human-in-the-loop' process where all proposed changes are staged in `pending-reflection.md` and require explicit user approval before being finalized.
Audit Metadata