
agent-memory

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE (finding category: PROMPT_INJECTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection vulnerability surface. Its build, save, and sync operations are designed to ingest and 'distill' content from untrusted project files (e.g., Markdown documentation, package.json, and other configuration files) into a persistent .agent-memory/ store. Because these summarized memories are treated as authoritative context in subsequent sessions, malicious instructions placed in source documents could be promoted into the agent's long-term operational guidelines.
  • Ingestion points: The Build and Save operations in SKILL.md scan all project Markdown files and configuration manifests to generate memory entries.
  • Boundary markers: The skill uses YAML frontmatter to organize its internal memory files, but the instructions do not include specific delimiters or 'ignore' commands to protect against malicious instructions embedded within the project files being processed.
  • Capability inventory: The skill possesses the capability to read project files and write to canonical instruction files like AGENTS.md and CLAUDE.md, which serve as entry points for agent behavior.
  • Sanitization: No explicit sanitization, validation, or instruction-filtering logic is defined for the content extracted from external documents.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 03:44 AM