The Agent Skills Directory

[Data Exposure] (MEDIUM): The skill's primary function is to read from ~/.claude/projects/. According to the documentation in SKILL.md, these session files may contain 'API keys or credentials' and 'Company-specific information'. Accessing these files is a high-severity action because session history often captures sensitive environment variables and secrets used during development. The severity is set to MEDIUM as this access is the primary intended purpose of the skill.
[Unverifiable Script Execution] (MEDIUM): The skill documentation provides commands to execute local Python scripts (scripts/analyze_sessions.py and scripts/recover_content.py). The content of these scripts is not included in the provided file set, meaning their internal logic, file-handling methods, and network behavior cannot be verified.
[Indirect Prompt Injection] (LOW): The skill processes untrusted content stored in previous session history files (JSONL format). If a previous session contained malicious instructions or deceptive code, these could be misinterpreted by the agent during the recovery process. Evidence Chain: 1. Ingestion point: ~/.claude/projects/*.jsonl files containing historical user/assistant turns. 2. Boundary markers: No explicit boundary markers or instruction-ignoring delimiters are mentioned for the processing logic. 3. Capability inventory: Scripts perform recursive file searches, JSONL parsing, and writing recovered content to disk. 4. Sanitization: The skill suggests manual user-driven sanitization via grep and sed rather than automated sanitization within the scripts.

claude-code-history-files-finder