skills/rcy007/skills/track/Gen Agent Trust Hub

track

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses the ~/.claude/projects/ directory to locate and read conversation logs. This directory contains highly sensitive information, including the user's interaction history, code snippets, and potentially any secrets or credentials disclosed during other AI sessions.
  • [COMMAND_EXECUTION]: Uses python3 -c to execute inline logic for parsing JSONL files. This dynamic execution is used to extract reasoning, thinking blocks, and tool usage from the monitored session logs.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection via the monitored logs.
      • Ingestion points: The TARGET_JSONL file, which contains messages and outputs from an external AI instance.
      • Boundary markers: There are no boundary markers or instructions to ignore embedded commands when processing the log content.
      • Capability inventory: The skill utilizes Bash (for git, find, and file statistics) and Read tools.
      • Sanitization: While the Python script parses the JSON structure, it injects reasoning and text snippets directly into the agent's current context without sanitization.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 03:59 AM