search-knowledge

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing natural language input and retrieving external data into the agent's context.
  • Ingestion points: User-provided Search query and content retrieved from vector databases (Pinecone, Qdrant), knowledge graphs (Graphiti), and local files located in ~/.claude-marketing/.
  • Boundary markers: The skill lacks explicit boundary markers or instructions to treat retrieved knowledge as passive data, increasing the risk that embedded instructions could influence agent behavior.
  • Capability inventory: The skill allows for local file system reads (profile.json, guidelines, SOPs), execution of memory-manager.py with arguments, and querying external database MCPs.
  • Sanitization: There is no evidence of sanitization or validation for the natural language query or the content returned from memory layers before it is presented to the user or processed by the agent.
  • [COMMAND_EXECUTION]: The skill processes logic that involves executing a local Python script memory-manager.py with command-line arguments (e.g., --action get-memory-status, --action search-local).
  • Evidence: The process documentation in SKILL.md explicitly describes running the script with specific actions. While these appear to be intended operations, the interpolation of user-supplied filters or queries into command arguments represents a potential injection surface if not handled securely by the underlying platform.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 12:41 AM
Security Audit — agent-trust-hub — search-knowledge