session-finder

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script executes the llm CLI to generate embeddings and the claude CLI to resume sessions. Both are invoked through subprocess.run and os.execvp with argument lists, which is a safe practice that prevents shell command injection.
  • [DATA_EXFILTRATION]: The skill transmits summaries of session content to the Gemini API (via the llm tool) to create embeddings. This is the primary function of the skill and targets a well-known, trusted service.
  • [PROMPT_INJECTION]: The skill indexes data from local Claude session logs, which may contain untrusted data if shared projects are indexed. This creates a surface for indirect prompt injection, where malicious instructions in a log might be seen and followed by the agent during a search.
    • Ingestion points: Reads .jsonl session files from the user's ~/.claude/projects/ directory (scripts/session_finder.py).
    • Boundary markers: Absent; summaries are presented to the agent as plain text without explicit delimiters.
    • Capability inventory: Includes command execution (llm, claude), file system access (read/write), and SQLite database operations.
    • Sanitization: Content is truncated for brevity but is not filtered for potential instruction injection patterns.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 28, 2026, 01:10 PM