The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses highly sensitive directory paths, including ~/.claude/settings.json, ~/.claude/commands/, and ~/.claude/agents/. These locations are used by the Claude Code CLI to store user-specific configurations, slash command definitions, and agent instructions, which can contain sensitive environmental data or credentials.\n- [COMMAND_EXECUTION]: The skill makes extensive use of powerful shell commands including rsync, cp, bash, and sed. Notably, the rsync --delete operation is destructive, as it will remove any files in the target directory that do not exist in the source, potentially leading to accidental data loss in the repository folder.\n- [COMMAND_EXECUTION]: The skill executes a bundled shell script, scripts/after-sync.sh, to perform post-processing on synchronized files. This script utilizes sed with a regular expression to modify the contents of settings.json.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: The skill facilitates the ingestion of arbitrary files from the user's home configuration directory into the workspace. While this is the intended purpose of the sync tool, the ability to read sensitive system paths combined with file-write capabilities in the local project creates a data exposure surface.\n
Ingestion points: Multiple subdirectories and files within ~/.claude/ (commands, skills, agents, settings.json).\n
Boundary markers: None; the content of the files is treated as raw data during the sync process.\n
Capability inventory: rsync, cp, bash, sed, diff, git status, mkdir.\n
Sanitization: The skill includes a post-sync script (after-sync.sh) designed to find and replace absolute home directory paths with portable placeholders ({CLAUDE_PATH}), which helps prevent the accidental leakage of the user's local username.

sync-with-claude