reflect-and-remember

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFE, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill creates an Indirect Prompt Injection surface by reading and writing persistent memory files.
    • Ingestion points: The agent reads contents from .claude/memory/MEMORY.md and private memory directories before updating them.
    • Boundary markers: No delimiters or instructions are used to distinguish stored memory from active system prompts.
    • Capability inventory: The skill relies on file system read and write capabilities across the local project and home directories.
    • Sanitization: Content read from existing memory files is not sanitized or validated before processing.
  • [DATA_EXFILTRATION]: The skill explicitly instructs the agent to handle and store sensitive credentials such as passwords, keys, and tokens in local plaintext files. Although it attempts to isolate these from version control, plaintext storage on the local filesystem increases the exposure risk for sensitive information.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 1, 2026, 09:01 AM