skills/insight68/skills/model-usage/Gen Agent Trust Hub

model-usage

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFE

Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/model_usage.py executes the codexbar CLI utility via subprocess.check_output. It passes the command as a list of arguments rather than a shell string, so no shell is invoked and shell injection through the arguments is prevented.
  • [EXTERNAL_DOWNLOADS]: The skill metadata in SKILL.md specifies an installation step using Homebrew (brew cask) from the steipete/tap/codexbar repository to provide the necessary codexbar binary. Additionally, the documentation references a local install script ./bin/install-codexbar-cli.sh which is not included in the provided skill files.
  • [DATA_EXFILTRATION]: The skill accesses local usage logs from directories such as ~/.codex/ and ~/.config/claude/ to retrieve token and cost information. This data access is essential for the skill's primary purpose of summarizing usage and occurs entirely on the local system.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes data from local logs or user-provided files. Evidence chain:
    1. Ingestion points: Data enters via codexbar JSON output or the --input file in scripts/model_usage.py.
    2. Boundary markers: No delimiters or "ignore instructions" warnings are used to distinguish log content from agent instructions.
    3. Capability inventory: The script uses subprocess.check_output to execute the codexbar CLI.
    4. Sanitization: No escaping or validation is performed on model names or other strings retrieved from logs before including them in the summary output.
Audit Metadata

Risk Level: SAFE

Analyzed: Feb 28, 2026, 08:21 PM