skill-logger

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from interaction logs (user queries and skill outputs) which creates an attack surface for indirect prompt injection. Malicious instructions embedded in these logs could potentially influence the agent during analytics, scoring, or reporting tasks.
      - Ingestion points: user_query and output parameters in log_skill_invocation within SKILL.md and logic in references/scoring-rubric.md.
      - Boundary markers: No delimiters or specific instructions are implemented to distinguish untrusted log content from the analysis prompts.
      - Capability inventory: The skill is granted access to powerful tools including Bash, Write, Edit, and Grep.
      - Sanitization: The implementation uses parameterized SQL queries for database safety, but text content is not sanitized or filtered for natural language instructions before being processed by the agent.
  • [DATA_EXFILTRATION]: The skill aggregates potentially sensitive user interactions and agent outputs into a centralized local database, creating a single point of failure for sensitive data exposure.
      - Evidence: Database storage is defined at ~/.claude/skill_logs.db as seen in the Python implementation in SKILL.md.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 5, 2026, 09:42 PM