The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command (cat .claude/context/memory/learnings.md) to retrieve state and context information. This is a standard procedure for context management in certain agent environments and is used here for benign state persistence.
[INDIRECT_PROMPT_INJECTION]: The skill represents a surface for indirect prompt injection because it is designed to ingest and process untrusted user code (ingestion point in SKILL.md instructions) while possessing powerful file manipulation capabilities (Read, Write, Edit tools). The instructions do not currently include explicit boundary markers or sanitization requirements for the code being analyzed, which could allow maliciously crafted code to influence the agent's behavior during the review process.

authentication-flow-rules