The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses shell utilities including grep, cut, tail, and head to process local files. It also relies on the entire CLI (entire status, entire explain) for session management and checkpoint analysis.
[DATA_EXFILTRATION]: The agent reads session transcripts and metadata files located in .git/entire-sessions/ and tool-specific directories. These files contain the history of previous interactions, which may include code, configurations, or other sensitive user data.
[PROMPT_INJECTION]: The skill ingests historical transcript data to generate compaction summaries. This creates a surface for indirect prompt injection where instructions present in past conversation logs could influence the agent's behavior during the handoff process.
Ingestion points: Local transcript files (JSONL) identified via session metadata stored in .git/entire-sessions/.
Boundary markers: No explicit delimiters are specified to isolate the untrusted transcript data during the extraction phase.
Capability inventory: Execution of shell commands, filesystem access via agent tools, and interaction with the entire CLI.
Sanitization: Transcript content is processed and summarized without explicit sanitization or filtering of potential instruction-like strings.

session-handoff