The Agent Skills Directory

[PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection (Category 8) by persisting session data that could contain malicious instructions. \n- Ingestion points: The skill instructs the agent to summarize the entire session context, which may include data from untrusted sources like web pages or third-party files. \n- Boundary markers: No explicit delimiters or instructions are used to isolate or escape the summarized text in the .claude/handoff.md file. \n- Capability inventory: The skill requires file-writing capabilities to maintain .claude/handoff.md and update MEMORY.md. \n- Sanitization: There are no instructions to sanitize or validate session content before persisting it to disk, allowing potentially harmful instructions to be re-ingested in future sessions.

wrap-up-ritual