The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses bash to manage background services via launchctl and pkill. It provides templates to create and load persistent LaunchAgents in the user's Library directory, which is a standard method for establishing persistence on macOS.\n- [CREDENTIALS_UNSAFE]: Explicitly identifies the location of sensitive Google OAuth access and refresh tokens at ~/.claude/tools/gmail-tokens/. It also describes workflows for accessing client credentials stored in a 1Password vault.\n- [DATA_EXFILTRATION]: Provides commands to read the contents of OAuth token JSON files and audit logs using cat and tail, which could expose authentication secrets or private user data if misused.\n- [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection through the monitoring of application logs.\n
Ingestion points: Reads bot stderr logs and NDJSON audit logs via tail and cat.\n
Boundary markers: None present for log file content.\n
Capability inventory: Full bash access, file manipulation, and process control via launchctl.\n
Sanitization: No validation or sanitization is performed on log content before it is processed or displayed.

bot-process-control