planning-with-files

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection surface via persistent file reading. The skill implements a PreToolUse hook that automatically reads the first 30 lines of task_plan.md before every tool call. This creates a feedback loop where untrusted content written to the plan (e.g., from web search results) is repeatedly re-injected into the agent's context. Ingestion point: task_plan.md via hook. Boundary markers: Absent in hook command. Capability inventory: Bash, Write, Edit. Sanitization: Documentation-based warnings only.
  • [DATA_EXFILTRATION]: Local session data exposure. The session-catchup.py script is designed to locate and read JSONL session logs stored in ~/.claude/projects/. This exposes historical conversation data and tool outputs from previous sessions to the current agent context for state recovery.
  • [COMMAND_EXECUTION]: Local script execution. The skill executes Shell and PowerShell scripts for initialization and status monitoring. The Stop hook runs check-complete.ps1 with the -ExecutionPolicy Bypass flag to ensure execution on Windows systems. Additionally, SKILL.md provides instructions for running session-catchup.py via the local Python interpreter.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 10:54 AM