cs-note
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements a workflow for writing user-supplied information into persistent context files (AGENTS.md, CLAUDE.md, .cursorrules) that are automatically loaded into the agent's environment. This presents a risk of indirect prompt injection where malicious or conflicting instructions could be made persistent within the project's operational context.
  - Ingestion points: Information is ingested through user triggers like '记一笔' (take a note) or when the agent identifies a project-specific setting.
  - Boundary markers: The skill uses a specific comment block `<!-- cs-note managed -->` to identify and delimit its content within target files.
  - Capability inventory: The skill performs file-writing operations on critical root-level documentation files that influence agent behavior across sessions.
  - Sanitization: The workflow relies on user review (step 4) but lacks automated sanitization or verification of the content being injected into the persistent context.
Audit Metadata