compound-learnings

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from session learning files in '.claude/cache/learnings/*.md'. (1) Ingestion Point: Markdown files in the learnings cache directory. (2) Boundary Markers: None present to distinguish instructions from data. (3) Capability Inventory: The skill has 'Bash', 'Write', and 'Edit' tools capable of system modification. (4) Sanitization: No sanitization or validation of the extracted patterns is performed before they are used to generate new system rules or executable scripts.
  • [COMMAND_EXECUTION]: The skill uses 'Bash' to dynamically generate shell scripts and registration entries. It also performs privilege escalation by using 'chmod +x' on newly created scripts in the '.claude/hooks/' directory, which allows for the persistence and execution of potentially unverified code.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 23, 2026, 09:03 AM
Security Audit — agent-trust-hub — compound-learnings