memories-sdk

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill implements middleware and tools that retrieve external data (memories) and inject them into the agent's prompt context, creating a surface for indirect prompt injection.
      * Ingestion points: Data is ingested via client.context.get() (found in references/core.md) and automated through memoriesMiddleware and memoriesTools (described in references/ai-sdk.md).
      * Boundary markers: While the middleware prepends context to the system prompt, the documentation does not mandate the use of delimiters or specific instructions to prevent the agent from executing commands embedded in retrieved memories.
      * Capability inventory: The SDK provides significant capabilities, including full CRUD operations on memories, management of 'skill files' (stored procedures), and administrative access to keys and tenants (referenced in references/core.md).
      * Sanitization: There is no mention of sanitization or filtering mechanisms for retrieved content before it is interpolated into the prompt.
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the vendor's official SDK packages and associated AI libraries from the public npm registry.
      * Evidence: Commands to install @memories.sh/core, @memories.sh/ai-sdk, ai, and @ai-sdk/openai are provided in the reference files.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 04:26 PM