session-analyzer

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill interpolates user-provided parameters directly into shell commands. In SKILL.md (Step 1.1 and 3.1), the parameters {sessionId}, {agent-name}, and {debug-log-path} are passed to scripts like find-session-files.sh. If a user provides a malicious session ID (e.g., ; rm -rf / ;), it could lead to arbitrary command execution.
  • DATA_EXFILTRATION (HIGH): The skill is designed to read highly sensitive data from ~/.claude/, including session logs (.jsonl), debug traces (.txt), and agent transcripts. These files contain the full history of a user's interactions with the AI, including potentially sensitive code, environment details, and private prompts. Accessing these paths constitutes a high-risk data exposure.
  • REMOTE_CODE_EXECUTION (HIGH): The skill relies on external shell scripts located in ${baseDir}/scripts/. Since these scripts are not provided in the skill definition and are executed with user-supplied arguments, they represent a significant RCE vector if the environment is not strictly controlled or if the scripts themselves have vulnerabilities.
  • PROMPT_INJECTION (MEDIUM): In Category 8 (Indirect Prompt Injection), the skill parses external SKILL.md files and session logs to build a 'Comparison Table'. A maliciously crafted SKILL.md or a poisoned session log could contain instructions that influence the analysis logic or produce deceptive reports, potentially hiding malicious activity from the user.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:37 PM