skill-optimizer
Warn
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: Accesses sensitive session transcripts and chat history located in paths such as ~/.claude/projects/ and ~/.codex/sessions/. These files contain historical interaction data, which may include private user information, proprietary data, or credentials shared in past conversations.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data from session logs and external SKILL.md files.
  - Ingestion points: Processes *.jsonl transcript files and SKILL.md files from multiple local directories (~/.claude/, ~/.codex/, ~/.agents/).
  - Boundary markers: No markers or delimiters are defined to isolate the processed data from the agent's instructions, potentially allowing instructions embedded in logs to influence current behavior.
  - Capability inventory: Utilizes bash and python3 to execute file scanning and analysis logic.
  - Sanitization: No sanitization of input transcripts or external skill files is performed before they are integrated into the analysis context.
- [PROMPT_INJECTION]: Contains strong imperative instructions aimed at overriding default agent behavior and forcing specific logic paths, such as 'You MUST run ALL 8 dimensions,' 'do not skip any,' and 'do not skip [dimensions 4.2, 4.3, 4.5b, and 4.8].'
- [COMMAND_EXECUTION]: Employs shell commands and Python scripts to dynamically scan local directories and read file contents across multiple platform-specific directories.
Audit Metadata