The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes a local Node.js script located at ${CLAUDE_PLUGIN_ROOT}/src/tracker.js to generate the heatmap data from the current session activity.
[DATA_EXPOSURE]: The skill accesses session metadata (file interactions and token usage statistics) to provide feedback on context waste, which is consistent with its stated purpose.
[PROMPT_INJECTION]: An indirect prompt injection surface exists because the skill processes output from a script that analyzes session history.
Ingestion points: Output from the node command in SKILL.md.
Boundary markers: None present; the agent is instructed to present the heatmap output directly.
Capability inventory: Restricted to Bash and Read tools via the YAML frontmatter.
Sanitization: No explicit sanitization of the tracker's output is mentioned before being processed by the agent.

cco