ccusage

Fail

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses npx ccusage@latest across multiple commands in README.md and SKILL.md. This pattern downloads and executes the latest code from an external npm package authored by a third party (ryoppippy) at runtime. Executing unverified remote code without version pinning can lead to supply chain attacks if the external package is compromised.
  • [EXTERNAL_DOWNLOADS]: Fetches executable content from the public npm registry during normal operation.
  • [COMMAND_EXECUTION]: Executes shell commands including npx and shell substitutions like $(date +%Y%m%d) to generate reports.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from Claude Code logs.
      • Ingestion points: Reads JSON output from ccusage which contains project names, session IDs, and file paths (referenced in SKILL.md).
      • Boundary markers: No delimiters or instructions are provided to the agent to ignore instructions embedded within the usage data.
      • Capability inventory: The agent has the ability to execute shell commands (npx) as defined in SKILL.md.
      • Sanitization: There is no evidence of sanitization or filtering applied to the data returned by the usage tool before it is presented to the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 12, 2026, 11:44 AM