The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it analyzes untrusted data from conversation history (such as code analysis, architecture discoveries, and business logic) to generate and save knowledge notes. Ingestion points: Recent conversation content and the optional topic argument in SKILL.md. Boundary markers: No specific delimiters or instructions to disregard embedded commands are used when processing the conversation history. Capability inventory: The skill utilizes mcp__graph-brain tools to search, get, and save knowledge in a graph database, and it performs local file system writes to log activity. Sanitization: The instructions do not define sanitization or validation steps for the content extracted from the conversation before it is persisted in the graph or written to the activity log.
[COMMAND_EXECUTION]: The skill performs local file system operations to manage its state within the project directory. It creates a .brain/ directory, appends JSON-formatted entries to an activity-log.json file, and updates the project's .gitignore file to exclude the logging directory from version control. These actions are used to maintain a persistent record of knowledge-saving actions across different user sessions.

brain-save