The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses several sensitive local files and databases to collect work history and configuration data.
Evidence: Scripts read from ~/.wakatime.cfg (containing API keys), ~/.claude/history.jsonl, ~/.codex/sessions/, and Cursor's internal SQLite database (state.vscdb) which contains prompt history and workspace information.
[COMMAND_EXECUTION]: The skill executes external system commands to extract repository data.
Evidence: The git_sessions.py script uses subprocess.run to execute git log commands on specified project paths.
[EXTERNAL_DOWNLOADS]: The skill communicates with an external API to retrieve productivity metrics.
Evidence: scripts/wakatime_fetch.py performs network requests to api.wakatime.com using urllib.request. It transmits the user's WakaTime API key for authentication, which is a well-known service for this purpose.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its ingestion of untrusted external data that is later rendered in reports.
Ingestion points: Git commit messages (git_sessions.py), Claude prompts (claude_messages.py), Codex prompts (codex_messages.py), and Cursor bubbles (cursor_messages.py).
Boundary markers: No explicit delimiters or boundary markers are used when interpolating this data into the generated HTML dashboard or Markdown report.
Capability inventory: The skill has the ability to write files to the project directory and perform network requests to WakaTime.
Sanitization: No sanitization or escaping of the ingested history data is performed before it is written to the final output files, potentially allowing malicious content in commits or prompts to influence the generated report's behavior or display.

time-lens