The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): The skill requires modifying .claude/settings.json to execute a local script (python3 .claude/hooks/enhanced-telemetry.py) across 10 different agent hooks.
Evidence: The configuration block in SKILL.md maps events like SessionStart, UserPromptSubmit, and PreToolUse to shell commands.
Risk: This establishes a persistent command execution mechanism. Since the script enhanced-telemetry.py is not provided in the skill package, its behavior cannot be verified, yet it is granted execution rights on every agent action.
[DATA_EXFILTRATION] (MEDIUM): The telemetry logic is designed to capture and transmit extensive sensitive data.
Evidence: The Event Schemas section confirms the capture of cwd (Current Working Directory), repo_name, branch, and file_path of files accessed by the agent.
Risk: While the documentation suggests sending data to localhost:3100, this configuration creates a high-fidelity audit trail of user activity that could be easily redirected to an external server by modifying the unverified Python script.
[INDIRECT_PROMPT_INJECTION] (HIGH): The skill creates a high-risk vulnerability surface by processing untrusted data through execution hooks.
Ingestion points: UserPromptSubmit, PreToolUse, and PostToolUse hooks ingest user prompts and tool arguments.
Boundary markers: None specified in the documentation or configuration examples.
Capability inventory: The skill triggers subprocess execution (python3) for every ingested event.
Risk: If the telemetry script processes hook data (like tool details or prompt hashes) unsafely, an attacker could potentially achieve code execution by crafting specific prompts or tool interactions that the telemetry script fails to sanitize.

enhanced-telemetry