The Agent Skills Directory

[SAFE]: No malicious patterns detected. The skill performs its stated function of auditing local token usage logs by aggregating metadata and token counts from local session files.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing and displaying external log data.
Ingestion points: Session logs are read from local directories (~/.codex/sessions, ~/.claude/projects) in scripts/collect_token_usage.py via the collect_sessions function.
Boundary markers: The rendered Markdown and JSON reports do not use explicit delimiters or instructions to help the agent distinguish between usage data and the surrounding prompt context.
Capability inventory: The agent has access to Read, Write, Edit, Bash, and Glob tools, providing a broad capability tier.
Sanitization: Log fields such as model, session_id, and git_branch are extracted and rendered directly into the output report. Malicious content present in these fields within the source logs could potentially influence agent behavior when the report is processed.

token-usage-auditor