The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to run multiple shell commands to manage the claude-mem background service. This includes using curl to check the health of a local server on port 37777, using node to execute startup scripts from a local plugin cache directory (~/.claude/plugins/cache/...), and using system utilities like lsof, netstat, and cat for process monitoring and log inspection.\n- [DATA_EXFILTRATION]: While not exfiltrating to the network, the skill accesses sensitive local file paths to perform its functions, including reading the plugin settings file (~/.claude/settings.json), project-specific logs (~/.claude-mem/logs/), and the persistent SQLite memory database (~/.claude-mem/claude-mem.db). Exposure of these paths is a necessary part of the skill's function but constitutes access to user data.\n- [PROMPT_INJECTION]: The skill retrieves project history and observations from a persistent database and provides them to the agent. This creates an indirect prompt injection surface where malicious instructions stored in past sessions could influence current agent behavior.\n
Ingestion points: Data is ingested from the persistent database file ~/.claude-mem/claude-mem.db and the output of the get_observations and search tools.\n
Boundary markers: Absent. The skill does not define clear delimiters or warnings to separate memory content from system instructions.\n
Capability inventory: Subprocess calls via node, curl, cat, and other shell utilities in SKILL.md.\n
Sanitization: Absent. There is no logic provided to sanitize or filter the retrieved memory text before it enters the context.

claude-mem-orchestrator