The Agent Skills Directory

[DATA_EXFILTRATION]: The skill is designed to access and read Claude Code session transcripts (JSONL files) stored in ~/.claude/projects/. These files contain sensitive information, including full conversation histories, internal 'thinking' blocks, and the results of tool executions from previous sessions.
[PROMPT_INJECTION]: The skill processes and displays untrusted data from session logs, which constitutes an indirect prompt injection surface.
Ingestion points: Session transcript files (.jsonl) located in the user's home directory are loaded and parsed (documented in SKILL.md and references/reference.md).
Boundary markers: There are no explicit instructions or delimiters mentioned that would prevent the agent from accidentally following instructions embedded within the logs being analyzed.
Capability inventory: The agent has access to powerful tools like Bash, Read, and Grep, which could be exploited if malicious instructions in the logs are followed.
Sanitization: While the view_session_context.py script formats and truncates content for display, there is no evidence of instruction-level sanitization to prevent the re-injection of malicious prompts found in the history.
[COMMAND_EXECUTION]: The skill frequently executes a local Python utility script (.claude/tools/utils/view_session_context.py) via the Bash tool. While this script appears to be a bundled vendor resource, it is a primary vector for processing the sensitive session data.

observability-analyze-session-logs