The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses sensitive data by searching for and reading Claude Code session logs located in the user's home directory. These logs (~/.claude/projects/*.jsonl) contain the full history of user interactions, which may include proprietary source code, internal configuration, and other confidential data. Evidence: find ~/.claude/projects/ -name "*.jsonl".
[COMMAND_EXECUTION]: The workflow requires the agent to dynamically generate a Python script at a temporary location (/tmp/agent-guardrails-analyze.py) and execute it. While the script uses standard libraries, the creation and execution of code at runtime increases the risk of unintended command execution. Evidence: Step 2: Build and Run Analysis Script.
[PROMPT_INJECTION]: The skill processes untrusted data (past session logs) and includes excerpts from those logs in its report, creating a surface for indirect prompt injection. 1. Ingestion points: Claude Code session logs (~/.claude/projects/*.jsonl). 2. Boundary markers: The skill suggests using markdown blockquotes for excerpts, providing limited structural separation. 3. Capability inventory: Ability to execute shell commands and generate/run Python scripts. 4. Sanitization: No sanitization or filtering of the log content is specified before the excerpts are presented to the agent.

agent-guardrails-analyze