claude-code-telemetry-enable

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The skill is designed to enable 'FULL LOGGING' without redactions. Specifically, setting OTEL_LOG_USER_PROMPTS=1 ensures that every prompt a user sends to the agent is transmitted to a remote OpenTelemetry endpoint. This constitutes a significant privacy risk and a high-impact exfiltration vector for sensitive information, proprietary code, or secrets.
  • [CREDENTIALS_UNSAFE] (HIGH): The enable-custom and enable-railway operations encourage users to provide authentication tokens and headers (e.g., Authorization=Bearer token) as command-line arguments. This practice results in sensitive credentials being recorded in plaintext in the shell's command history and potentially being visible to other users on the system via process monitoring tools.
  • [COMMAND_EXECUTION] (MEDIUM): The skill's documentation and troubleshooting steps recommend the use of sudo kill and chmod 755 on configuration directories. While common for local debugging, an agent executing these commands can terminate processes without authorization or change file system permissions.
  • [DATA_EXFILTRATION] (MEDIUM): The skill configures the transmission of OTEL_METRICS_INCLUDE_ACCOUNT_UUID, enabling the tracking and deanonymization of users across different environments or sessions through the telemetry backend.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:06 AM