memory-search
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill performs semantic search over a memory corpus (.claude/context/memory/*.{md,json}) that aggregates decisions and findings from previous agent sessions. If malicious instructions are stored in these files (e.g., via a poisoned PR description or learning), they could be retrieved and influence future agent behavior.
  1. Ingestion points: Local memory files in the memory directory.
  2. Boundary markers: Absent; search results and content previews are presented as plain text without delimiters.
  3. Capability inventory: Bash tool access and file read capabilities.
  4. Sanitization: No validation or filtering of retrieved memory content is performed.