auto-extract
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill performs broad discovery and read operations on sensitive user directories to locate session history. It searches for files such as `*.jsonl`, `*.db`, and `*.sqlite` in locations like `~/.<tool-name>/` and `~/.local/share/`. These files contain private interaction history and user preferences.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests raw, historical conversation data to generate persistent configuration rules for the agent. This allows potentially malicious instructions from a past session to influence the agent's long-term behavior.
  - Ingestion points: Historical logs in `*.jsonl`, `*.db`, `*.sqlite`, and `*.json` formats (SKILL.md, Step 1.1).
  - Boundary markers: Absent; the skill analyzes raw message content without explicit delimiters or instructions to ignore embedded commands.
  - Capability inventory: File system search (Read), database/log parsing, and persistent configuration modification (Edit) via the `CLAUDE.md` and `AGENTS.md` files.
  - Sanitization: Absent; the process extracts signals based on keywords and frequency without validating the safety or origin of the extracted instructions.
- [COMMAND_EXECUTION]: The skill instructs the agent to use file system tools to traverse directories, search for configuration files, and perform edits across multiple system layers (User, Project, and Submodule levels), which can lead to unintended configuration changes if the logic is manipulated.
Audit Metadata