flow-next-memory-migrate
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled command-line utility named `flowctl` located within the plugin's script directory (`scripts/flowctl`). This tool is used to enumerate legacy memory entries and add them to the new categorized system. This is a legitimate use of a vendor-provided tool for the skill's primary function.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes untrusted data from legacy markdown files to determine how they should be classified.
  - Ingestion points: The agent reads content from legacy files located at `.flow/memory/pitfalls.md`, `.flow/memory/conventions.md`, and `.flow/memory/decisions.md` (via `flowctl memory list-legacy --json`).
  - Boundary markers: There are no explicit boundary markers or "ignore instructions" prompts applied to the data retrieved from the legacy files during the classification phase.
  - Capability inventory: The skill possesses significant capabilities, including `Bash` for command execution (`flowctl`), `Write` for file creation, and `Task` for subagent management.
  - Sanitization: No sanitization or content filtering is performed on the legacy entries before they are analyzed for classification, which could allow maliciously crafted memory entries to influence agent behavior during migration.
Audit Metadata