The Agent Skills Directory

[COMMAND_EXECUTION]: The skill contains a 'Memory Protocol' that instructs the agent to run a shell command (cat .claude/context/memory/learnings.md) at the start and end of a session. This is a mechanism for maintaining learning state across resets by reading and writing to a specific local file path.
[PROMPT_INJECTION]: The skill operates on user-controlled Python files (matching **/*.py), which introduces an indirect prompt injection surface where malicious code comments or strings could attempt to influence the agent's behavior.
Ingestion points: Source code files identified by the **/*.py glob pattern in SKILL.md.
Boundary markers: The instructions do not specify the use of delimiters or clear separators to distinguish between the agent's instructions and the untrusted code being reviewed.
Capability inventory: The skill is configured with Read, Write, and Edit tools as seen in the YAML frontmatter of SKILL.md.
Sanitization: There is no evidence of input validation, escaping, or instruction-override protection for the data read from the user's codebase.

pandas-data-manipulation-rules