The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses the Bash tool to perform environment diagnostics, search for session files, and execute the claude CLI tool with the --dangerously-skip-permissions flag. It also references the execution of a local recovery script located at ~/.claude/tools/session-recovery.sh.
[DATA_EXFILTRATION]: The skill accesses sensitive user data by reading conversation history stored in ~/.claude/projects/*.jsonl. While this exposure is inherent to the session recovery use-case, it involves access to potentially sensitive personal or project-related information. No evidence of external transmission was identified.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests conversation history, which is technically untrusted data that could contain malicious instructions.
Ingestion points: Reads conversation history from JSONL files in ~/.claude/projects/ (found in SKILL.md and TROUBLESHOOTING.md).
Boundary markers: Absent; the session content is read without markers or instructions to ignore embedded agent commands.
Capability inventory: The skill possesses the Bash and Read tools, enabling a high degree of control over the file system and CLI operations.
Sanitization: Absent; no validation or filtering is performed on the content of the session files before the agent processes them.

session-recovery