The Agent Skills Directory

[SAFE]: The skill manages session restoration by reading from the ~/.smtm/sessions/ directory. This is a functional requirement for the skill and does not involve accessing sensitive system credentials or private user configurations like SSH keys or cloud provider tokens.
[SAFE]: The workflow incorporates a strong human-in-the-loop checkpoint in Step 5. The instructions explicitly mandate that the agent must stop and wait for user direction after presenting the restored state, preventing the automated execution of any potentially malicious instructions that might be embedded in the loaded data.
[SAFE]: Analysis for potential indirect prompt injection (Category 8):
Ingestion points: Local snapshot files located in ~/.smtm/sessions/{project}/ (referenced in SKILL.md).
Boundary markers: The skill formats data into a structured markdown summary but lacks specific security delimiters for the parsed content sections.
Capability inventory: The skill itself does not utilize dangerous capabilities such as shell execution, dynamic code evaluation, or network requests.
Sanitization: The project slug is sanitized using the basename command, while the content of the snapshot sections is presented to the user as a summary.
[SAFE]: No obfuscation, persistence mechanisms, or unauthorized privilege escalation attempts were detected in the skill's instructions.

money-restore