The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses sensitive local files including session transcripts located in ~/.claude/projects/. These files contain a history of user interactions and agent responses. While the data is processed locally and via subagents, accessing session history is a form of sensitive data exposure.
[COMMAND_EXECUTION]: The skill executes several shell commands to manage files and list sessions, including ls, mkdir, and head. It also executes a Python script reduce-transcript.py located within the plugin's root directory (${CLAUDE_PLUGIN_ROOT}). These operations are part of the intended functionality for processing session data.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from previous session transcripts.
Ingestion points: Reads .jsonl session transcript files from the ~/.claude/projects/ directory.
Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are used when passing transcript content to the subagents.
Capability inventory: The skill can execute shell commands (ls, mkdir, python3) and dispatch subagents with different models (Opus, Sonnet).
Sanitization: No sanitization or filtering of the transcript content is performed before processing by the conversation-reviewer or sonnet-general-purpose agents.

review-recent-sessions