The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses sensitive file paths located in the user's home directory to retrieve Claude Code session history. Evidence: The script scripts/generate.py scans and reads files from ~/.claude/projects/*/ to extract session data. Context: This behavior is aligned with the skill's primary purpose of visualizing conversation logs, and no external network transmission of this data was detected.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion and rendering of untrusted data from session logs. Ingestion points: Conversation logs containing human input and tool results are read from ~/.claude/projects/*.jsonl in scripts/generate.py. Boundary markers: No specific boundary markers or 'ignore' instructions are used during the data parsing process. Capability inventory: The script performs local file reads, writes an HTML output file, and automatically opens it in the default system web browser via webbrowser.open(). Sanitization: The script uses json.dumps() to embed session data into an HTML template; however, there is no evidence of HTML sanitization for the actual content of the messages or tool results, which could allow malicious payloads (e.g., tags) embedded in a session log to execute in the context of the generated viewer.

view-team-session