project-skill-audit

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the rg (ripgrep) command-line tool to search through project memory files and session indices located in the $CODEX_HOME or ~/.codex directories.
  • [PROMPT_INJECTION]: The workflow involves ingesting data from past sessions, rollout summaries, and repository documentation. This creates a surface for indirect prompt injection, as malicious instructions in past logs could influence the audit findings or subsequent skill recommendations.
    • Ingestion points: MEMORY.md, rollout summaries, and raw session JSONL files (SKILL.md).
    • Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the analyzed logs are provided.
    • Capability inventory: Reading local files, executing search commands (rg), and transitioning to a skill creation workflow via a local file reference.
    • Sanitization: There is no evidence of sanitization or validation of the contents of session logs before they are processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 09:13 AM