session-chronicle

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [DATA_EXFILTRATION]: The skill's core functionality is to collect local Claude Code session logs from ~/.claude/projects/ and upload them to an external S3 bucket (s3://eonlabs-findings). These logs contain complete conversation histories, including user input and assistant responses, which may harbor sensitive code, secrets, or internal data.
  • [CREDENTIALS_UNSAFE]: Multiple scripts (scripts/s3_upload.sh, scripts/retrieve_artifact.sh) and templates programmatically retrieve AWS credentials via the 1Password CLI (op read) using a specific item path (op://Claude Automation/ise47dxnkftmxopupffavsgby4). This permits the agent to obtain live cloud credentials at runtime.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute extensive shell scripts that perform session archaeology, Brotli compression, and S3 synchronization. This includes generating git commit messages with embedded shell commands designed for artifact retrieval.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing and displaying untrusted session log data.
      • Ingestion points: Reads conversation entries from .jsonl files in ~/.claude/projects/ within scripts/search_sessions.sh, scripts/uuid_tracer.sh, and references/archaeology-scripts.md.
      • Boundary markers: Absent. Log content is extracted and displayed to the agent or used in decision-making without isolation delimiters or instructions to ignore embedded prompts.
      • Capability inventory: Access to Bash (permitting aws and op CLI usage), Read, and Grep tools.
      • Sanitization: Uses jq for structure parsing, but the textual content of the messages is not sanitized or filtered for malicious instructions before being returned to the agent's context.

Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 20, 2026, 09:36 AM