agent-observability

Warn

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The server component in apps/server/src/index.ts is configured with overly permissive Cross-Origin Resource Sharing (CORS) headers.
      ◦ Evidence: The server explicitly sets Access-Control-Allow-Origin: '*' for all incoming HTTP requests.
      ◦ Risk: This configuration allows any website visited in the user's browser to make requests to the local server and read the response data, potentially exposing the agent's interaction history.
  • [DATA_EXFILTRATION]: The WebSocket streaming endpoint (/stream) lacks origin verification and authentication.
      ◦ Evidence: The WebSocket open handler in apps/server/src/index.ts immediately sends the last 50 events to any connecting client without checking the Origin header or requiring a token.
      ◦ Risk: A malicious script on an external website could establish a WebSocket connection to ws://localhost:4000/stream and steal real-time agent logs.
  • [COMMAND_EXECUTION]: The skill relies on executing local TypeScript files as hooks for Claude Code.
      ◦ Evidence: SETUP.md and settings.json.example instruct users to configure capture-all-events.ts as a command-type hook for various agent lifecycle events.
      ◦ Context: While this is a standard extension mechanism for Claude Code, it involves executing arbitrary logic on the host system whenever the agent performs a tool operation.
  • [INDIRECT_PROMPT_INJECTION]: The skill acts as a data consumer for untrusted agent output, creating a surface for indirect prompt injection attacks.
      ◦ Ingestion points: Event data is ingested from JSONL files in ~/.claude/history/raw-outputs/ via apps/server/src/file-ingest.ts.
      ◦ Boundary markers: No boundary markers or 'ignore' instructions are used when processing the data for display.
      ◦ Capability inventory: The server has filesystem read/write access (via Bun.write and appendFileSync) and network capabilities.
      ◦ Sanitization: The Vue 3 client uses standard template escaping, but the ChatTranscript.vue component lacks specific filters for instructions embedded within the chat data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 24, 2026, 05:12 PM