li-index
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill extracts information by reading the full content of library files, which introduces an indirect prompt injection surface where instructions hidden in the data could influence agent actions. Ingestion points: Comprehensive reading of markdown files in '内容素材库' and other registered directories; Boundary markers: Not specified for ingested content; Capability inventory: Filesystem read, write, and globbing; Sanitization: None performed on external data.
- [PROMPT_INJECTION]: The skill enables the agent to modify its own instructions and other skill definition files (e.g., CLAUDE.md) to integrate new libraries, allowing for persistent behavioral changes.
Audit Metadata