The Agent Skills Directory

[DATA_EXFILTRATION]: The skill requires extensive read access to sensitive local files, including session logs (.jsonl) and project memory files (MEMORY.md) across multiple AI platforms (Claude Code, Cursor, Windsurf, etc.), which contain private conversation history and decision-making logic.
Evidence: Accesses paths like ~/.claude/projects/, ~/.cursor/projects/, and ~/Library/Application Support/Code/User/globalStorage/saoudrizwan.claude-dev/tasks/.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted historical data, such as past session logs and git commit messages. Malicious instructions embedded in these data sources could potentially influence the agent's behavior during the analysis phase.
Ingestion points: Reads conversation history from {session-id}.jsonl files and git logs.
Boundary markers: No explicit markers are defined to isolate potentially malicious content in the historical data being analyzed.
Capability inventory: The agent writes reports to the local file system and uses git and gh CLI tools.
Sanitization: No specific sanitization or filtering of historical messages is described before analysis.
[COMMAND_EXECUTION]: The skill executes various system commands to discover and analyze project data across the user's local workspace.
Evidence: Uses git log, find, gh repo list, and gh api calls to gather contribution and repository information.

agent-reference