muninn

The skill is classified as suspicious due to its aggressive and persistent use of prompt injection techniques to control the AI agent's behavior. While the injected content (found in `SKILL.md`, `dist/index.js`, `dist/middleware.js`, and persistently written to project files like `CLAUDE.md` and `.cursorrules` by `dist/project_manager.js`) is designed to enforce the skill's intended workflow for local memory management, this level of agent control represents a significant vulnerability. There is no evidence of intentional data exfiltration, backdoor installation, or other malicious activities, but the methods used to dictate agent behavior are highly manipulative.