session-feedback-analyzer

Pass

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill instructions or associated Python scripts.
  • [DATA_EXPOSURE]: The skill accesses session logs located in ~/.claude/projects/. This access is essential for its primary function of feedback analysis. The skill implements a --no-snippets flag to allow users to omit potentially sensitive text from the generated reports, following data minimization principles.
  • [PROMPT_INJECTION]: While the skill processes untrusted user input from session logs, it uses static keyword matching for classification and does not generate prompts or execute instructions found in the logs, mitigating the risk of indirect prompt injection.
    1. Ingestion points: scripts/analyze.py reads session history from ~/.claude/projects/**/*.jsonl via the parse_session function.
    2. Boundary markers: Absent; the tool parses log entries directly using keyword heuristics.
    3. Capability inventory: The skill is restricted to local file reading and writing. No network access, subprocess execution, or dynamic code evaluation (eval/exec) capabilities are present in the scripts.
    4. Sanitization: The _build_event function truncates user message snippets to 200 characters. While no complex sanitization is performed, the risk is negligible as the data is used for local metric tracking and not as part of an execution pipeline within this skill.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 8, 2026, 03:25 AM