model-usage

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFE

Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/model_usage.py executes the codexbar CLI tool via subprocess.check_output. The command arguments are constructed using a fixed list where the provider variable is strictly validated against a whitelist of choices (codex, claude), preventing arbitrary command injection.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the codexbar CLI through a third-party Homebrew tap (steipete/tap/codexbar). While this is the official distribution method for the tool, it introduces a dependency on an external repository not included in the trusted vendors list.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection if it processes maliciously crafted cost logs.
    • Ingestion points: The load_payload function in scripts/model_usage.py reads JSON-formatted usage data from user-specified files or standard input.
    • Boundary markers: The script output does not use delimiters or instructions to prevent the agent from obeying instructions that might be embedded in model name fields within the logs.
    • Capability inventory: The skill's capabilities are limited to reading local files and executing the codexbar binary; it does not have network access or the ability to write to the filesystem based on the data processed.
    • Sanitization: While the script validates the JSON structure, it does not sanitize or escape string content (such as model names) before printing it to the console for agent consumption.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 3, 2026, 03:57 AM