The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/search.sh executes a shell command that calls an external binary resolver (resolve-binary.sh) to run a search tool named ch-search. While this is the intended functionality of the skill, it involves subprocess execution with user-supplied search queries.
[INDIRECT_PROMPT_INJECTION]: The skill processes and displays snippets from past conversations stored in ~/.claude/projects/. This introduces a potential attack surface for indirect prompt injection if those past conversations contain malicious instructions designed to influence the agent when retrieved.
Ingestion points: Past conversation history located in ~/.claude/projects/ as described in SKILL.md.
Boundary markers: None identified in the instructions for isolating search result snippets from the current prompt context.
Capability inventory: Execution of shell scripts and binaries (scripts/search.sh) as described in the command usage.
Sanitization: No explicit sanitization or filtering of the retrieved conversation snippets is mentioned in the provided documentation or scripts.

conversation-search