The Agent Skills Directory

[COMMAND_EXECUTION]: The skill defines a Stop hook that executes a local cleanup script (node ${CLAUDE_PLUGIN_ROOT}/scripts/learning-stop.js). This is an internal lifecycle command for the plugin and does not represent a security risk.
[SAFE]: The skill accesses local configuration files (like .claude/settings.local.json) to provide tailored optimization advice, which is consistent with its stated purpose.
[PROMPT_INJECTION]: The skill analyzes project data such as CLAUDE.md, which creates an indirect prompt injection surface. This is evaluated as safe given the context of a local development tool.
Ingestion points: Reads project-specific files including CLAUDE.md, .mcp.json, and the contents of the .claude/ directory.
Boundary markers: None explicitly defined.
Capability inventory: The skill has access to the Bash, Read, Write, Edit, Glob, and Grep tools.
Sanitization: No sanitization of the ingested data is specified in the skill body.

claude-code-learning