apply-grant
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses and copies AI conversation logs from `~/.claude/projects/` and `~/.codex/sessions/` to the project root. These logs contain the complete history of user interactions with the AI, which may include proprietary code, internal project discussions, or other sensitive information.
- [DATA_EXFILTRATION]: Telemetry data is sent to a remote endpoint (`_CONVEX_URL`) via `curl` based on configurations found in `~/.superstack/config.json`. This occurs during both the launch and completion phases of the skill workflow.
- [COMMAND_EXECUTION]: The skill executes multiple bash scripts to collect system metadata, parse project history using `git`, and run a bundled export script (`export-session.sh`) to locate and copy session files.
- [DATA_EXFILTRATION]: The skill reads local project files including `README.md`, `package.json`, and `Cargo.toml`, as well as `git log` and `git remote` information, to assemble a grant application draft.
- [PROMPT_INJECTION]: The skill processes untrusted local data from the working directory (such as project context files and git history) to generate text for the application. This presents a surface for indirect prompt injection where malicious content in those files could manipulate the agent's output.