mindful-precision

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill does not contain executable code, scripts, or external dependencies. It consists entirely of instructional markdown and configuration metadata aimed at steering agent behavior and improving organizational habits.
  • [PROMPT_INJECTION]: The instructions utilize strong behavioral steering (e.g., "You are NOT a blind executor", "independent judgment") to define a more proactive persona. These directives are intended to foster critical thinking and task verification rather than bypassing safety protocols or extracting system prompts. The instruction to "DO NOT execute everything user asks" is framed as an architectural and safety review process.
  • [PROMPT_INJECTION]: The skill establishes an attack surface for indirect prompt injection by design. It mandates the storage of user-provided data (corrections, decisions, values) into persistent memory and local files (SESSION-STATE.md). If an attacker provides malicious instructions disguised as data, they could be stored and influence subsequent agent actions.
    ◦ Ingestion points: User corrections, specified values (IDs, URLs), and decision logs processed in SKILL.md and references/MEMORY_MANAGEMENT.md.
    ◦ Boundary markers: Not explicitly defined in the memory-writing protocols to separate user-contributed content from system state.
    ◦ Capability inventory: Access to write/read session files and the persistent MCP memory tool.
    ◦ Sanitization: The skill lacks explicit sanitization or validation rules for the data being committed to memory, relying on the underlying agent's default processing behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 16, 2026, 03:28 PM