persistent-memory

Fail

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: HIGH
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill instructs the agent to actively scan the filesystem for sensitive patterns including API keys, GitHub tokens, and passwords (documented in references/commands.md and references/workflow.md using the pattern grep -E "(sk-|ghp_|eyJh|bearer|password|secret)"). This sensitive data is then intended for storage and synchronization to a remote GitHub repository via the workflow described in references/sync.md.
  • [COMMAND_EXECUTION]: The skill establishes persistence and performs automated operations through the use of cron tasks (documented in references/sync.md), which execute shell commands, network operations, and file modifications on an hourly schedule. It also performs extensive file system operations such as directory creation, file movement, and symbolic linking across the home directory.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection vulnerability by design, as it instructs the agent to read and incorporate the contents of multiple local files (such as INDEX.md, MEMORY.md, and journal entries) directly into the prompt context without sanitization or boundary markers.
  • Ingestion points: Files located in ~/.persistent-memory/ (e.g., INDEX.md, MEMORY.md, SOUL.md).
  • Boundary markers: None; content is read via cat and interpolated directly into the session.
  • Capability inventory: The skill has access to shell execution (cat, mkdir, grep, tar, git, ln), file system writes, and network access via git and gh CLI tools.
  • Sanitization: No filtering, escaping, or validation of the stored memory content is performed before it is presented to the agent model.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 1, 2026, 09:01 AM
Security Audit — agent-trust-hub — persistent-memory