The Agent Skills Directory

[SAFE]: The skill manages internal workflow state by reading and writing to the .compozy directory. It incorporates safeguards against capturing sensitive information by instructing the agent not to store stack traces or large code blocks in memory files.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from workflow memory files.
Ingestion points: Shared workflow memory and current task memory files (referenced in SKILL.md).
Boundary markers: Absent; memory files are identified as mandatory context for the run.
Capability inventory: The skill involves file read and write operations on the local filesystem.
Sanitization: None; the content of the memory files is processed directly by the agent without escaping or validation.

cy-workflow-memory