The Agent Skills Directory

[COMMAND_EXECUTION] (HIGH): Shell command injection vulnerability in the execution logic. The ${FILTER} variable, derived from user input, is directly interpolated into a bash command (grep) without sanitization or proper escaping. An attacker could provide a malicious payload (e.g., \"; <command> #) to execute arbitrary code with the user's privileges.\n- [DATA_EXFILTRATION] (MEDIUM): Exposure of sensitive data from command history. The skill reads from ~/.claude-analytics/events.jsonl, which stores a log of previous command and skill usage. If a user previously executed commands containing secrets like API keys, tokens, or passwords, these sensitive strings are exposed to the agent and displayed in the report.\n- [PROMPT_INJECTION] (HIGH): Indirect prompt injection surface. 1. Ingestion point: ~/.claude-analytics/events.jsonl. 2. Boundary markers: Absent. 3. Capability inventory: Bash tool (arbitrary command execution). 4. Sanitization: Absent. Malicious instructions embedded in the analytics logs from previously run commands could be interpreted and followed by the agent when it processes the report output.

analytics-report