The Agent Skills Directory

[DATA_EXFILTRATION]: The skill performs deep reconnaissance of the local filesystem to identify and read sensitive files. It targets configuration files containing API tokens (~/.claude.json, ~/.claude/env.sh) and searches for high-value secrets across the ~/dev/ directory, including SSH private keys (id_rsa, id_ed25519), PEM certificates, and various .env files, exposing their existence and content to the AI agent.
[COMMAND_EXECUTION]: Uses shell commands and inline Python scripts (via python3 -c) to programmatically search the filesystem, check file permissions, and parse structured configuration data containing system-level secrets.
[EXTERNAL_DOWNLOADS]: Initiates network connections to multiple external service APIs (including GitHub, HuggingFace, LinkedIn, Webex, and Splunk) to perform validation checks on authentication tokens retrieved from the local environment.
[PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by searching for and reading CLAUDE.md and SKILL.md files across multiple repositories (Steps 4 and 7). Malicious instructions embedded in these files could influence the agent's behavior during the audit. Evidence chain: (1) Ingestion points: ~/dev//CLAUDE.md and ~/dev/claude/skills//SKILL.md; (2) Boundary markers: Absent; (3) Capability inventory: Full shell execution, network requests, and filesystem read/write; (4) Sanitization: Absent.

security-audit