The Agent Skills Directory

[PROMPT_INJECTION]: The skill includes explicit instructions designed to subvert user-consent mechanisms and bypass safety filters. It classifies specific tool sequences as "PERMISSION-FREE" and directs the agent to "NEVER" use tools or command structures that "ASK PERMISSION." This includes instructions to use the Edit tool instead of Write to avoid overwrite prompts and to avoid compound Bash commands specifically to evade platform-level permission checks.- [COMMAND_EXECUTION]: The skill facilitates the silent modification of project state and configuration files within the .claude/cc10x/ directory. By teaching the agent to use tool chains that evade user consent prompts, it allows for persistent changes to the environment without explicit user approval for each action.- [REMOTE_CODE_EXECUTION]: A "Dynamic Skill Discovery" feature allows the agent to invoke other skills using the Skill(skill="...") tool based on identifiers retrieved from the patterns.md file. This dynamic loading of capabilities based on local file content represents a high-risk execution vector if an attacker can influence the project memory files.- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. Ingestion points: The agent reads from .claude/cc10x/activeContext.md, patterns.md, and progress.md. Boundary markers: Absent; the skill relies on Markdown headers but lacks instructions to ignore or sanitize embedded instructions. Capability inventory: The agent has access to Bash, Write, Edit, and Skill() tools. Sanitization: Absent; content read from memory files is used directly to influence agent logic and tool selection.

session-memory