retrospective

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill mandates a "One Script Per Agent" approach where all shell operations (grep, find, jq, etc.) are bundled into a single script file in /tmp/ and executed as a single bash call. This is explicitly designed to minimize user confirmation prompts ("confirmation fatigue"). While efficient, this practice reduces granular visibility and oversight of the individual commands being executed by the agent.
  • [DATA_EXFILTRATION]: The skill is designed to read and analyze session logs located in ~/.claude/projects/. These files contain full histories of user interactions, which may include source code, environment details, and potentially sensitive information or secrets discussed in previous sessions.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes session log data (.jsonl files) that can contain arbitrary instructions or adversarial content from previous sessions.
      * Ingestion points: Session logs at ~/.claude/projects//*.jsonl.
      * Boundary markers: No explicit delimiters or instructions are used to treat log content as data rather than instructions.
      * Capability inventory: The skill uses bash to execute generated scripts and has Write/Edit permissions on the local filesystem.
      * Sanitization: No sanitization or validation of the log content is performed before processing.

Audit Metadata
  Risk Level: SAFE
  Analyzed: Apr 3, 2026, 11:44 AM