recall-conversations
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes included Python scripts (recent_chats.py and search_conversations.py) to manage and query the conversation database. This execution is limited to the skill's own scripts within the plugin directory and serves its core functionality.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it retrieves past user and assistant messages which may contain untrusted instructions. If a past session contains malicious instructions, they could be re-introduced into the agent's current context during recall.
  - Ingestion points: Conversation data is read from the local database via scripts/recent_chats.py and scripts/search_conversations.py.
  - Boundary markers: The output is structured with Markdown headers and role labels (e.g., User:, Assistant:) as implemented in scripts/formatting.py, but it lacks explicit 'ignore instructions' delimiters around retrieved historical text.
  - Capability inventory: The skill is authorized to use Bash, Read, Grep, and Glob tools as specified in the SKILL.md frontmatter.
  - Sanitization: Database-level sanitization is applied to Full-Text Search terms in scripts/memory_lib/content.py to prevent FTS/SQL syntax errors, but the message content itself is not filtered for prompt injection markers.
Audit Metadata