self-improvement
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill uses local markdown files for logging, which is a standard and benign use case. All included bash and JavaScript/TypeScript scripts are utility-focused and include safety checks such as path traversal prevention.
- [PROMPT_INJECTION]: The skill processes data from tool outputs and user corrections to update project documentation (e.g., CLAUDE.md). This creates a surface for indirect prompt injection.
  * Ingestion points: .learnings/ markdown files and tool output environment variables.
  * Boundary markers: XML tags () are used in reminders to delineate system guidance.
  * Capability inventory: Standard file system access through shell utilities (mkdir, cat, grep).
  * Sanitization: The extract-skill.sh script validates file paths, but the content of the captured learnings is not specifically sanitized for instruction-like patterns before promotion.
- [EXTERNAL_DOWNLOADS]: The documentation references installation via the ClawdHub registry and Git repositories. These are standard distribution channels for agent skills and do not pose a direct threat.
- [COMMAND_EXECUTION]: The skill includes bash scripts for environment hooks and a skill extraction utility. These perform safe file system operations and output reminder text to the terminal.