The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses highly sensitive session history logs and conversation metadata stored in private application directories. Evidence includes bash commands scanning and reading from paths such as ~/.claude/projects/, ~/.claude/sessions/, ~/.codex/sessions/, ~/.gemini/tmp/, and ~/.gemini/antigravity/implicit/. These files contain full conversation histories which may include private code, user data, or secrets discussed during sessions.
[COMMAND_EXECUTION]: Extensive use of shell commands to traverse the filesystem, extract data, and perform calculations. Tools used include stat, grep, sed, awk, bc, and kill. While intended for diagnostics, the capability allows broad access to the execution environment.
[EXTERNAL_DOWNLOADS]: Fetches configuration and reference documentation from the author's GitHub repository (https://raw.githubusercontent.com/levnikolaevich/claude-code-skills/master/skills/) via WebFetch if local files are missing.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes raw session data which could contain malicious instructions from previous untrusted inputs.
Ingestion points: Reads .jsonl, .json, and .pb session logs from multiple local agent directories in SKILL.md (Phase 1).
Boundary markers: Absent. The skill extracts data using keyword searches (e.g., grep -oE) without implementing delimiters or instructions to ignore embedded commands within the logs.
Capability inventory: Includes full Bash execution, Read/Write tools, and Agent tool for spawning sub-tasks.
Sanitization: Absent. Extracted content is processed as-is to determine severity and map fixes.

ln-002-session-analyzer