The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to use various shell commands (e.g., ls, mkdir, cat, grep, find, mv) to manage session files. These commands are localized to the .agents/ directory and are used for routine tasks like creating headers, checking for file existence, and archiving old logs.
[PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection surface because it reads and processes existing session logs to 'Extract context' at the start of a session. If a previous session contains malicious instructions (either from external data processed then or via a previous injection), the agent may inadvertently follow those instructions when they are re-ingested.
Ingestion points: Content is read from .agents/SESSIONS/YYYY-MM-DD.md using cat and tail operations.
Boundary markers: The logs use standard Markdown formatting (headers and horizontal rules), but there are no explicit 'ignore embedded instructions' warnings for the context extraction phase.
Capability inventory: The skill has the capability to write to multiple files (SUMMARY.md, ARCHITECTURE.md, TODO.md) and execute shell commands for file management based on its interpretation of the logs.
Sanitization: There is no specified sanitization or filtering logic for the content retrieved from session history files.

session-documenter