on-call-handoff-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The 'Memory Protocol' section in SKILL.md establishes mandatory instructions for the agent to read and write state to specific files in .claude/context/memory/. This creates a persistence mechanism: if the agent is fed malicious input during an incident analysis, those instructions could be stored in memory and acted on in later sessions.
  • [COMMAND_EXECUTION]: The skill's frontmatter enables the Bash tool, and the body provides templates for executing sensitive commands such as kubectl get pods, psql, and redis-cli FLUSHDB. These tools grant a high level of access to production environments, which poses a risk if the agent is manipulated via indirect injection.
  • [DATA_EXFILTRATION]: The suggested monitoring commands query database connections and cluster events. Their output can expose sensitive operational metadata and, if database records are queried, potentially PII; this data could be exfiltrated if the agent is directed to send command output to external URLs.
  • [PROMPT_INJECTION]: The 'Iron Laws' and 'MANDATORY' sections in SKILL.md use strong imperative language to override standard agent behavior regarding task completion and documentation. This pattern is often seen in prompt injection attempts, where it is used to ensure obedience to skill-specific rules over system safety guidelines.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 02:04 PM