neat-freak

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands including ls, find, and grep to audit project structures and search for documentation files. This is standard behavior for its stated purpose of reconciling documentation and code.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it reads and processes untrusted data from project files.
      • Ingestion points: Reads README.md, docs/*.md, and other markdown files discovered via find commands (specified in SKILL.md).
      • Boundary markers: None identified; the instructions do not include delimiters or warnings to ignore embedded instructions within processed files.
      • Capability inventory: Uses ls, find, and grep via shell, and standard file manipulation tools (Edit, Write, Delete).
      • Sanitization: No evidence of input validation, escaping, or sanitization of the content extracted from documentation before it is written to memory or project roots.
  • [DATA_EXPOSURE]: The skill accesses platform-specific configuration and memory paths (e.g., ~/.claude/projects/, ~/.config/opencode/, ~/.openclaw/) to reconcile agent memory across sessions. While these directories are outside the project root and contain sensitive session data, this access is fundamental to the skill's primary utility of managing agent knowledge.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 9, 2026, 05:07 AM