synthesis-context-lifecycle
Pass
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform shell operations using git to maintain context continuity. It specifically mandates that any changes to context files (such as CONTEXT.md or REFERENCE.md) must be committed and pushed to the remote repository within the same invocation. To mitigate risk, it includes a strict 'Scope Rule' requiring the agent to stage only specifically modified files and avoid workspace-wide operations.
- [DATA_EXFILTRATION]: The instructions involve transferring local file content to a remote repository using git push. This is the intended primary function for enabling cross-session memory. The risk is managed by protocols that restrict the transfer to project-specific context files rather than sensitive system files.
- [INDIRECT_PROMPT_INJECTION]: The skill's architecture is centered on the agent reading and rewriting structured markdown files, which presents a surface for indirect prompt injection if those files are modified by external parties to include malicious instructions.
  - Ingestion points: The agent is instructed to read CONTEXT.md, REFERENCE.md, and historical logs in sessions/ to establish project state.
  - Boundary markers: The instructions rely on Markdown headers and a defined line-budget (e.g., ≤150 lines) to delimit sections, but do not specify explicit ignore-instruction delimiters.
  - Capability inventory: The skill grants the agent the ability to read and write local files and execute git synchronization commands.
  - Sanitization: There is no explicit requirement for sanitizing or escaping the content within the context files before they are processed by the agent.
Audit Metadata