memory-auditor-chat
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified as the skill processes untrusted data from Claude's memory layers and chat history.
  1. Ingestion points: memory_user_edits, Memory Summary, Project Summary, and Project Instructions (referenced in SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: memory_user_edits (remove, replace).
  4. Sanitization: All modifications are gated behind explicit user confirmation.

  The risk is assessed as safe because auditing this data is the core purpose of the utility.
- [SAFE]: The skill operates entirely within the Claude.ai environment using native tools. No external network communication, hardcoded credentials, or unauthorized data exfiltration patterns were detected.
- [SAFE]: Strong safety constraints are implemented, including a mandatory refusal of full memory reset commands and a 'Zero changes without confirmation' policy that ensures the user remains the final authority on all memory edits.