knowledge-graph-memory

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill includes a surface for processing untrusted data from conversation transcripts.
      • Ingestion points: The script reads from ~/.claude/projects/*.jsonl and .entire/logs/entire.log to build the memory vault.
      • Boundary markers: The generated Markdown uses Obsidian callout syntax (> [!quote], > [!info], > [!example]) to separate user, assistant, and tool data.
      • Capability inventory: The script conversation_history.py is restricted to local file reading and writing. It does not perform network operations or execute arbitrary shell commands.
      • Sanitization: It implements a _callout_safe function that utilizes regular expressions to strip XML/HTML tags and convert markdown headers into bold text to prevent injected content from breaking the document structure.
  • [DATA_EXPOSURE]: The skill accesses local transcript files to perform its function.
      • Evidence: The script derives the path to Claude Code transcripts in ~/.claude/projects/ based on the repository root. This access is required for the stated purpose of bridging conversation history and does not target sensitive system credentials.
Audit Metadata
Risk Level: SAFE
Analyzed: May 6, 2026, 03:45 AM