The Agent Skills Directory

[DATA_EXFILTRATION]: The skill reads the ~/.claude/history.jsonl file, which contains sensitive user interaction data, project names, and pasted code snippets. This information is summarized and transmitted to an external Slack workspace via Rube MCP tools. While intended for personalized reporting, this pattern involves reading highly sensitive local data and sending it to a remote service, which could be exploited for exfiltration.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted historical data from chat logs. Ingestion points: Data is ingested from ~/.claude/history.jsonl (fields: display, pastedContents). Boundary markers: No delimiters or instructions to ignore embedded commands are present to separate the data from the analysis logic. Capability inventory: The agent uses RUBE_SEARCH_TOOLS, RUBE_MANAGE_CONNECTIONS, and RUBE_MULTI_EXECUTE_TOOL to interact with HackerNews and Slack. Sanitization: There is no evidence of sanitization or filtering of the historical chat content before it is processed.

developer-growth-analysis