The Agent Skills Directory

[DATA_EXPOSURE]: Accesses highly sensitive user data including session logs, debug traces, and agent transcripts located in the ~/.claude/ directory. These files contain a complete history of user interactions, tool calls, and potentially sensitive information captured during previous sessions. (Evidence: SKILL.md Phase 1, scripts/find-session-files.sh)
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from session logs which can contain malicious instructions from previous sessions.
Ingestion points: Reads from ~/.claude/projects/*.jsonl and ~/.claude/debug/*.txt via analysis scripts.
Boundary markers: Absent. No delimiters or instructions are used to separate log data from agent instructions during analysis.
Capability inventory: The skill has access to shell execution and broad file system reading capabilities across the project and local environment.
Sanitization: Absent. Log content is parsed directly using grep and awk without escaping, filtering, or validation. (Evidence: scripts/extract-hook-events.sh, scripts/extract-subagent-calls.sh)
[COMMAND_EXECUTION]: Executes shell scripts that use powerful tools like find, grep, and xargs on files within sensitive user directories, which could be exploited if malicious filenames are encountered. (Evidence: scripts/ directory scripts)

wrap-analyzer