skills/kcchien/skills/jsonl-digest/Gen Agent Trust Hub

jsonl-digest

Warn

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill attempts to execute an external Python script located at ~/Downloads/Codebase/playground/claude-memory-ops/extract_ai_text.py. Since this script is an external dependency not bundled with the skill, its contents cannot be verified, posing a risk of arbitrary code execution.
  • [COMMAND_EXECUTION]: The skill uses shell commands like find and python3 to locate and process conversation logs across the user's home directory. It also uses touch to manage a state marker file at ~/.claude/.last-jsonl-extraction.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted conversation logs (.jsonl files). Instructions or malicious patterns embedded in past conversations could influence the agent's behavior during the extraction process.
      • Ingestion points: Files matching *.jsonl within $HOME/.claude/projects.
      • Boundary markers: None identified. The skill directly processes the output of the extraction tool.
      • Capability inventory: Subprocess execution (python3, find), filesystem write access (creating .md files in memory directories), and state management (touch).
      • Sanitization: The skill includes natural language instructions to avoid recording credentials or keys, but lacks technical sanitization or escaping of the ingested data.
  • [DATA_EXFILTRATION]: The skill systematically reads sensitive conversation history and project metadata from the .claude directory. While it does not demonstrate immediate network exfiltration, it concentrates this sensitive information into temporary files in /tmp/ and writes derived knowledge back to the memory system.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 16, 2026, 03:09 PM