The Agent Skills Directory

[External Downloads] (MEDIUM): The skill automatically installs external plugins from a non-trusted repository.
Evidence: SKILL.md contains the command npx skills add ai-native-camp/camp-1 --agent claude-code --yes.
Risk: The organization 'ai-native-camp' is not in the trusted sources list, and the '--yes' flag bypasses user confirmation during installation.
[Command Execution] (MEDIUM): The instructions encourage the agent to install system-level utilities if missing.
Evidence: references/block3-history-insight.md instructs the user/agent: "Claude에게 'jq를 설치해줘'라고 요청하세요. 자동으로 설치해줍니다."
Risk: Automating system package installation (like jq) can be used as a vector for broader system compromise if the package manager is subverted.
[Data Exposure] (LOW): The skill directs the agent to access and read session logs which may contain sensitive historical data.
Evidence: references/block3-history-insight.md points to ~/.claude/projects/ as the storage for all conversation history.
Risk: While intended for 'insight', an agent with access to the full history of all sessions could inadvertently expose secrets or personal data stored in those logs.
[Indirect Prompt Injection] (LOW): The skill's primary function is to process untrusted data from session history and user-created files.
Evidence Chain:
Ingestion points: ~/.claude/projects/ (Session logs) and .claude/skills/my-session-wrap/SKILL.md (User-created content).
Boundary markers: Absent; there are no instructions to ignore embedded commands within the logs.
Capability inventory: Bash execution, network access via curl, and filesystem write access.
Sanitization: Absent; the skill does not include validation for the content of the logs it analyzes.
[Network Operations] (LOW): The skill suggests using curl to fetch information from external URLs.
Evidence: SKILL.md states: "공식 문서를 curl로 파일에 저장한 뒤 Read 툴로 꼼꼼히 읽고 정확한 정보로 다시 답한다".
Risk: Standard network operation to retrieve documentation, categorized as low risk given the context.

day4-wrap-and-analyze