claude-code-statusline
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [External Downloads] (MEDIUM): The setup scripts (`setup-unix.sh` and `setup-windows.ps1`) perform a global installation of the `ccstatusline` package via `npm install -g`. This package is sourced from an unverified repository (github.com/otzgo/statusline) and is not part of the trusted organizations list.
- [Command Execution] (MEDIUM): The scripts programmatically modify the Claude Code configuration file (`~/.claude/settings.json`) to register `ccstatusline` as a status line command. This creates a persistent execution hook where the agent runs this third-party utility every time the status line is rendered.
- [Indirect Prompt Injection] (MEDIUM): The skill creates an attack surface by configuring the agent to pipe internal state data (model names, context usage) into an external command. Because the tool is unverified, there is a risk that it could process or exfiltrate this data if the utility were compromised.
- [Data Exposure] (LOW): The scripts access and modify sensitive configuration files located in `~/.claude/` and `~/.config/`. While necessary for the skill's operation, programmatic modification of agent settings should be monitored.
Audit Metadata