team-memory

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates a persistent memory system that processes session transcripts (which contain untrusted user input) to generate markdown memory blocks. These blocks are subsequently loaded into the system prompt of future sessions via @import directives.
      ◦ Ingestion points: transcripts are read from ~/.claude/projects/*/*.jsonl in references/agents/sleep-extract.md.
      ◦ Boundary markers: The skill does not implement delimiters or 'ignore' instructions when processing or reloading memories.
      ◦ Capability inventory: The background agents use Write and Bash tools to manage the memory filesystem and execute logic.
      ◦ Sanitization: No explicit filtering or sanitization of transcript content is performed before it is committed to persistent storage.
  • [COMMAND_EXECUTION]: Multiple shell scripts are used for initialization and session management. The init.sh script programmatically modifies the global ~/.claude/settings.json file to install a persistence hook. Additionally, the launch.sh script includes an --unsafe flag that, when used, bypasses standard permission prompts in the underlying agent CLI.
  • [DATA_EXFILTRATION]: The skill's architecture involves accessing and reading sensitive local data, specifically session transcripts and configuration files, to maintain its memory state. While no network exfiltration was detected, the scope of file system access is broad.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 03:56 AM