The Agent Skills Directory

[DATA_EXFILTRATION]: The script scripts/session_brief.py reads local conversation logs from ~/.claude/projects/ and transmits them to external LLM providers (Google Gemini or Anthropic via CLI) to generate summaries. Past conversations may contain sensitive data or credentials. \n- [COMMAND_EXECUTION]: The skill invokes several system binaries using subprocess.run. \n
scripts/media_optimizer.py executes ffmpeg and ffprobe to validate and compress media files. \n
scripts/gemini_tts.py attempts to play audio through system players like mpv, paplay, aplay, or ffplay. \n
scripts/session_brief.py calls the claude and gemini CLI tools for summarization and edge-tts for speech synthesis. \n- [PROMPT_INJECTION]: The skill faces risk from indirect prompt injection as it ingests and processes untrusted multimedia content. \n
Ingestion points: scripts/gemini_batch_process.py, scripts/document_converter.py, and scripts/media_optimizer.py process external audio, video, image, and PDF files. \n
Boundary markers: None. Prompts lack delimiters or instructions to ignore instructions embedded within the media content. \n
Capability inventory: The skill has the ability to execute system commands and read local files, which increases the impact of a successful injection. \n
Sanitization: No validation or sanitization is performed on content extracted from media before it is sent to the model.

ai-multimodal