memory-cleanup

Pass

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted content from memory files to perform high-level abstractions and merging, which constitutes a vulnerability surface for indirect prompt injection.
      • Ingestion points: Target files include MEMORY.md, .claude/state/personal-memory.md, and project-specific memory files identified through globbing.
      • Boundary markers: The skill lacks explicit boundary markers or instructions to isolate the content of these files during the interpretation and consolidation phases.
      • Capability inventory: The skill utilizes Write, Edit, and Bash tools, granting it the ability to modify, overwrite, or delete system files based on the processed content.
      • Sanitization: No sanitization, validation, or escaping of the input memory entries is performed before they are processed or used to generate new abstractions.
  • [COMMAND_EXECUTION]: The skill employs Bash scripts for synchronizing local state with shared memory locations, which includes destructive operations.
      • Evidence: Phase 4 includes a workflow that uses shell commands to mirror directories, specifically using rm to delete files in shared directories that no longer exist locally and performing automated Git operations (git add, git commit).
Audit Metadata
Risk Level: SAFE
Analyzed: May 3, 2026, 01:11 PM