The Agent Skills Directory

[DATA_EXFILTRATION]: The export script (scripts/export.sh) reads conversation history from ~/.claude/projects/, which often contains sensitive information such as source code, environment details, or credentials discussed in chat. While the sanitize_jsonl function in scripts/utils.sh attempts to redact secrets and personal paths using regular expressions, this approach is inherently incomplete and may leave sensitive data exposed in the exported JSON file.
[PROMPT_INJECTION]: The skill provides an ingestion point for untrusted data via the session import feature (scripts/import.sh). This creates a surface for indirect prompt injection. * Ingestion points: Conversation history is loaded directly from external JSON files into the agent's local session storage. * Boundary markers: There are no protective delimiters or instructions added to the imported history to prevent the agent from obeying commands embedded within the shared messages. * Capability inventory: The imported history is utilized by the Claude Code CLI, which has capabilities to execute shell commands and modify files. * Sanitization: The tool performs no content validation or filtering on the messages being imported, allowing a malicious actor to craft a 'history' that tricks the agent into performing unauthorized actions once the session is resumed.

session-share