learning-system
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill references user-controlled files in 'my-vault/06 Knowledge Base/'.
  - Ingestion points: External vault notes and user input
  - Boundary markers: None
  - Capability inventory: Restricted to writing JSON files to '.claude/learning-sessions/'
  - Sanitization: None

  Malicious instructions in vault notes could influence the agent's teaching behavior but cannot perform actions outside the current context.
- [Data Exposure] (SAFE): The skill manages its own state in an isolated local directory and does not attempt to access credentials or sensitive system files.