The Agent Skills Directory

[PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it ingests untrusted data from the AI_MEMORY/L2_行为层/ directory. * Evidence Chain: 1. Ingestion point: All files in AI_MEMORY/L2_行为层/ (SKILL.md). 2. Boundary markers: None identified. 3. Capability inventory: Reads local files and writes to L3_认知层/ and Meta/复盘记录.md. 4. Sanitization: No evidence of input filtering or escaping before processing behavior logs.

mem-monthly