auto-recall
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script executes a local utility .claude/tools/cli/auto-embed.cjs to perform vector database queries. This is part of the intended functionality for interaction recall and uses local file paths.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection where adversarial content stored in the perpetual memory (e.g., from a compromised previous session) is retrieved and injected into the current agent prompt.
  - Ingestion points: Data is ingested from the perpetual_memory LanceDB table via the queryMemory function in scripts/main.cjs.
  - Boundary markers: Retrieved context is wrapped in markdown headers (## Recalled Context) but lacks explicit instructions for the agent to ignore any embedded directives within that specific block.
  - Capability inventory: The script itself is restricted to read operations and console output; however, the agent receiving the context may have broader tool access that could be targeted by the injected text.
  - Sanitization: The text is truncated to 200 characters to manage context size, but no filtering or escaping for prompt injection patterns (like 'Ignore previous instructions') is performed on the stored memory content.