claude-reflect
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The plugin utilizes the system shell to execute internal Python scripts for its hook-based architecture (e.g., capture_learning.py, check_learnings.py) and invokes the 'claude' CLI binary to perform semantic analysis tasks. These executions are local and essential for the plugin's primary functionality.
- [EXTERNAL_DOWNLOADS]: The skill interacts with the 'claude' command-line interface, which is a well-known developer tool from Anthropic. It uses this tool to process semantic classification requests, which is considered a safe interaction with a known service.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks because it extracts information from conversation logs (JSONL files in ~/.claude/projects/). Malicious instructions previously sent in a conversation could be captured as a 'learning'. However, the skill implements a robust mitigation by requiring manual user approval (AskUserQuestion) before any extracted learning is written to CLAUDE.md or other memory files.
  - Ingestion points: Reads conversation history from ~/.claude/projects/*.jsonl and current user prompts in capture_learning.py.
  - Boundary markers: Uses template markers in semantic_detector.py (e.g., Message: "{text}") for the analysis prompt.
  - Capability inventory: Permissions include Read, Edit, Write, and Bash, used to manage memory files and run helper scripts.
  - Sanitization: Relies on semantic analysis and subsequent human review to filter out non-actionable or malicious content.
Audit Metadata