The Agent Skills Directory

[INDIRECT_PROMPT_INJECTION]: The skill processes data from session logs and the MEMORY.md file, which are considered untrusted inputs.
Ingestion points: The skill reads MEMORY.md and dated logs in context/memory/ via the Read tool and grep commands in SKILL.md.
Boundary markers: Absent; there are no explicit instructions to the model to ignore potential instructions embedded within the memory files.
Capability inventory: The skill has access to Bash (executing kernel commands, git operations, and file manipulation), Write, and Read tools as defined in SKILL.md.
Sanitization: Absent; content is moved between files based on logic rules without sanitizing the text for embedded agent instructions.
[COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform administrative tasks.
Evidence: Executes python3 context/kernel.py to manage session state, locks, and event emission. These operations are part of the internal architectural logic of the memory management system.

session-memory-manager