permission-tuner

Pass

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: SAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the cat and grep commands to read local agent configuration files (.claude/settings.json and ~/.claude/settings.json) to extract current permission rules. This is necessary for the skill's primary function of tuning those permissions.
  • [DATA_EXFILTRATION]: The skill accesses configuration files that may contain sensitive data such as API tokens. However, it only reads these files locally and does not perform any network operations to send the data externally. It specifically uses grep to focus on permission-related fields.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it analyzes recent session history to suggest new rules.
      1. Ingestion points: Recent session data and local configuration files.
      2. Boundary markers: No delimiters or warnings are used for the analyzed history data.
      3. Capability inventory: Uses cat and grep to read files and generates recommendations that could lead to the user lowering their security posture.
      4. Sanitization: No validation or sanitization of the input session history is performed.
    The risk is mitigated by the requirement that the user must manually approve any suggested rules before they are applied.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 5, 2026, 09:38 AM