meta-inspector

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the kaizen-duckdb MCP tool to execute SQL queries and the Grep tool for pattern matching. These operations are performed on local files to count tool invocations, calculate elapsed times, and summarize error counts.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local file paths including ~/.claude/projects/ (session JSONL history) and /tmp/claude-*/tasks/ (agent output transcripts). This access is necessary for the skill's primary purpose of meta-inspection. No network tools are enabled in the allowed-tools configuration, preventing external exfiltration of the data.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data sourced from agent transcripts which could contain adversarial content.
      • Ingestion points: Files located in /tmp/claude-*/tasks/*.output and ~/.claude/projects/*/*.jsonl via DuckDB read_ndjson_auto and Grep.
      • Boundary markers: The skill contains explicit instructions to "Return raw facts only" and "Do NOT analyze, interpret, or recommend," which limits the agent's interaction with the data content.
      • Capability inventory: Uses execute_query (DuckDB SQL), Read, Grep, and Glob (file system operations).
      • Sanitization: The skill relies on strict output formatting (structured QUERY/SOURCE blocks) and instructions to filter specifically for strings and numbers as a mitigation against executing instructions embedded in the logs.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 08:41 AM