session-blind-spots
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill is configured to read an API key from a specific local file path: `~/.claude/.secrets/ccterrybot-telegram`. Accessing hardcoded secret storage paths for automated retrieval is a security risk that can lead to credential exposure if the environment or file permissions are compromised.
- [DATA_EXFILTRATION]: The skill sends the content of Claude Code session transcripts to an external API endpoint (MiniMax 2.5). These transcripts contain the full history of user interactions, assistant responses, and tool outputs, which often include proprietary code, internal file paths, and potentially sensitive data or credentials inadvertently leaked during the session.
- [COMMAND_EXECUTION]: The execution model requires running a local TypeScript script using the `bun` runtime: `bun run $HOME/eon/cc-skills/plugins/devops-tools/scripts/session-blind-spots.ts`. This pattern executes logic from a script file located in the user's home directory.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it ingests and processes untrusted session logs containing previous assistant and user turns.
  - Ingestion points: Session history files located in `~/.claude/projects/*//*.jsonl`.
  - Boundary markers: The skill documentation mentions the use of 'anti-echo prompt boundaries' to mitigate transcript-induced confusion, but these do not prevent adversarial instructions embedded in the logs.
  - Capability inventory: The skill uses `Bash`, `Agent`, `Read`, `Grep`, and `Glob` tools, providing a significant capability surface if the analysis LLM is influenced by injected instructions.
  - Sanitization: Implements 'noise stripping' (removing base64 and system reminders) which reduces payload volume but does not filter for malicious instructions within the transcript's natural language blocks.
Audit Metadata