session-memory (skills/romiluz13/cc10x/session-memory)

Status: Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION

Full Analysis
  • [PRIVILEGE_ESCALATION]: The instructions explicitly guide the agent to evade platform-level security prompts. They note that compound Bash commands and file overwrites trigger user confirmation dialogs, and direct the agent to use specific "PERMISSION-FREE" alternatives, such as the Edit tool and separate tool calls, so that operations are performed silently without human oversight.
  • [PROMPT_INJECTION]: The skill uses "Iron Law" and "MANDATORY" directives to override default agent behavior. These instructions enforce a strict persistence workflow that prioritizes autonomy and the bypass of platform safety UX over user control.
  • [DYNAMIC_EXECUTION]: The skill implements a "Dynamic Skill Discovery" feature that reads skill IDs from a local file (patterns.md) and executes them using the Skill() tool. This dynamic loading from computed paths allows the agent's capabilities to be modified or expanded at runtime based on data that could be influenced by untrusted external sources.
  • [INDIRECT_PROMPT_INJECTION]: The framework relies on reading and acting upon data stored in local Markdown files, creating an attack surface for indirect prompt injection.
  • Ingestion points: Data is ingested from files in the .claude/cc10x/v10/ directory, specifically patterns.md which contains tool invocation hints.
  • Boundary markers: No boundary markers or warnings are used to distinguish between memory data and instructions.
  • Capability inventory: The skill leverages Read, Write, Edit, and Bash tools, along with the ability to trigger other installed skills.
  • Sanitization: No sanitization or validation is performed on the content of the memory files before it is processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 12, 2026, 09:10 AM