The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): The skill uses the Bash tool to execute Git commands (git add, git commit, git push) and navigate the file system. It also reads and writes a state file in the user's home directory (~/.claude/reflect-skill-state.json).
[DATA_EXFILTRATION] (MEDIUM): The workflow performs a git push origin main, sending local skill modifications to a remote repository. Because these modifications are derived from potentially sensitive conversation history, there is a risk of exfiltrating private data included in session summaries or proposed skill updates.
[PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it analyzes untrusted conversation data to generate executable instructions for other skills.
Ingestion points: Conversation history, specifically user corrections and preferences identified in Step 2.
Boundary markers: Absent; the skill does not use delimiters to isolate untrusted session data from the instructions used to modify skill files.
Capability inventory: Bash (command execution and remote push), Edit (modification of skill files).
Sanitization: None; the skill relies entirely on the user to review the proposed changes before they are committed and pushed.

reflect