generating-skills-from-logs

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Categories: DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The skill explicitly reads from sensitive terminal history files (~/.zsh_history and ~/.bash_history) in references/cli-history-mode.md. These files often contain sensitive information including API keys, passwords, and tokens passed via command-line arguments or environment variable exports. While the skill includes instructions for masking, the initial ingestion of these files into the agent's context constitutes a high-risk data exposure.
  • [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection risk (Category 8). The skill's primary function is to ingest untrusted data from history.jsonl and session logs to generate new automation skills.
    1. Ingestion points: ~/.claude/history.jsonl, ~/.zsh_history, and individual session .jsonl files.
    2. Boundary markers: Missing or weak; instructions rely on LLM-based pattern recognition.
    3. Capability inventory: Writing new executable files (SKILL.md) and executing bash/python scripts.
    4. Sanitization: Partial regex-based sanitization for home paths and hashes in references/cli-history-mode.md, but lacks robust protection against adversarial instructions embedded in logs.
  • [COMMAND_EXECUTION] (MEDIUM): The skill uses a local Python script (scripts/filter-history.py) and complex shell pipelines (awk, sed, and tail) to process local files. While these scripts do not appear to have external dependencies, they operate on untrusted data and could behave unexpectedly if log contents are maliciously crafted.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 07:51 AM