claude-tracker-suite

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts new-session.sh and resume-in-vscode.sh utilize AppleScript (osascript) and the system clipboard (pbcopy/pbpaste) to automate GUI actions and execute arbitrary shell commands in Ghostty, VS Code, and Cursor.
  • [COMMAND_EXECUTION]: scripts/bootstrap-claude-setup.js performs system modifications, including initializing git repositories using child_process.execSync.
  • [COMMAND_EXECUTION]: The skill establishes persistence on macOS via a launchd configuration (com.claude.tracker-watch.plist) that runs a monitoring daemon in the background.
  • [REMOTE_CODE_EXECUTION]: scripts/new-session.sh invokes the claude CLI with user-defined prompts via the -p flag, which executes code within the Claude Agent SDK environment.
  • [EXTERNAL_DOWNLOADS]: The skill depends on multiple external files that are not provided in the source code, including ~/.claude/lib/tracker-utils.js, update-active-projects.py, and claude-tracker-watch. This renders the skill's complete logic unverifiable.
  • [DATA_EXFILTRATION]: Several scripts access and search sensitive data stored in ~/.claude/projects/, including full conversation transcripts (.jsonl) and project metadata.
  • [PROMPT_INJECTION]: The skill processes untrusted session logs and is vulnerable to indirect prompt injection.
      • Ingestion points: search-sessions.js and detect-projects.js read and parse .jsonl transcript files.
      • Boundary markers: No explicit delimiters or safety instructions are used when parsing historical session content.
      • Capability inventory: The skill possesses the ability to execute shell commands, write files, and spawn new agent sessions.
      • Sanitization: Only basic pattern filtering for system logs is implemented, which is insufficient to prevent instruction injection from within session data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 02:26 PM