create-MamaSkill

Fail

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill is specifically designed to harvest and process highly sensitive private communication data, including WeChat SQLite databases (e.g., MSG.db) and CSV exports. These files contain unencrypted personal messages, timestamps, and contact details. The skill instructs the agent to read the parsed output of these sensitive files into its context.
  • [COMMAND_EXECUTION]: The SKILL.md file instructs the agent to use the terminal to execute a local Python script (parse_wechat_history.py). This script performs file system operations and database queries on the user's local machine using user-provided paths.
  • [PROMPT_INJECTION]: The skill employs 'identity override' patterns, explicitly instructing the agent to 'no longer be an AI assistant' and to 'never use any AI common boilerplate (such as "I am an AI", "How can I help you")'. This is designed to create an immersive persona but bypasses standard AI identity and safety disclosures.
  • [PROMPT_INJECTION]: The skill exhibits a significant surface for indirect prompt injection by ingesting untrusted data from external chat logs without sanitization.
    • Ingestion points: Data is ingested via parse_wechat_history.py and stored in memory_base.md before being read by the agent.
    • Boundary markers: Absent. The agent is instructed to directly incorporate the extracted content into a new persona and memory base.
    • Capability inventory: The agent has the capability to execute terminal commands (python) and write new skill files to the .claude/skills/ directory.
    • Sanitization: No sanitization, escaping, or validation of the chat log content is performed before it is used to define the agent's persona instructions.
  • [COMMAND_EXECUTION]: The skill performs dynamic generation of executable content by programmatically creating new skill files (SKILL.md or {slug}.md) in the agent's configuration directory. This generated code is based on untrusted data parsed from external files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 8, 2026, 06:49 PM