check-memory

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill utilizes authoritative language and override markers ("IMPORTANT: You MUST", "ALWAYS start", "NEVER skip") to force the agent to follow a specific workflow, which is a technique typically flagged as an attempt to bypass or override default operational behavior.
  • [PROMPT_INJECTION]: The skill incorporates user-supplied data through the $ARGUMENTS variable into tool call templates without sufficient sanitization or isolation, creating a surface for indirect prompt injection.
  • Ingestion points: User input is ingested via the $ARGUMENTS variable in SKILL.md.
  • Boundary markers: The input is wrapped in double quotes in the instructions, but lacks formal sanitization or explicit "ignore instructions" delimiters to prevent malicious payloads within the data from influencing the agent.
  • Capability inventory: The skill utilizes memory.recall and several specialized memory tools, and explicitly allows for code exploration using Read, Grep, and Glob tools.
  • Sanitization: There is no evidence of input validation, filtering, or sanitization before the user-provided topic is passed into the tool queries.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 10:06 AM