Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill accesses `~/.claude/history.jsonl` to extract session identifiers. Accessing chat history is a sensitive data exposure risk, but it is necessary for session summarization and the data is processed locally without external transmission.
- [COMMAND_EXECUTION] (SAFE): Standard system utilities such as `git`, `date`, `basename`, and `mkdir` are used to gather metadata and prepare the vault directory. These commands are localized and perform no dangerous operations.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from previous chat sessions.
  1. Ingestion points: `~/.claude/history.jsonl` and the current session context.
  2. Boundary markers: No explicit markers or instructions are provided to the agent to ignore instructions embedded within the history.
  3. Capability inventory: The skill has the ability to execute shell commands and write files to the local disk.
  4. Sanitization: There is no filtering or escaping of the ingested conversation data before it is processed for summarization.
Audit Metadata