search-knowledge

Warn

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script, memory-manager.py, with various arguments (--action get-memory-status, --action search-local) to manage memory layers and search local indexes. Running local scripts introduces risk if the script logic is not fully verified.
  • [DATA_EXFILTRATION]: The skill reads data from ~/.claude-marketing/, including brand profiles, compliance rules, and guidelines. While this data is used to inform the search results presented to the user, access to paths outside the immediate project directory (here, the home directory) is a significant data exposure risk.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it retrieves data from external memory services (Pinecone, Qdrant, Graphiti) and local files without explicit sanitization.
      • Ingestion points: Data is ingested from ~/.claude-marketing/, external vector databases, and knowledge graphs.
      • Boundary markers: There are no specified boundary markers or instructions to the agent to ignore potentially malicious commands embedded in the retrieved search results.
      • Capability inventory: The skill possesses the ability to execute subprocesses via memory-manager.py and read from the file system.
      • Sanitization: The instructions do not define any sanitization, escaping, or validation steps for the retrieved content before it is presented to the agent or user.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 1, 2026, 01:18 AM