refactor
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- Persistence Mechanisms (MEDIUM): SKILL.md contains a launchd plist configuration for a 24-hour auto-trigger, which schedules recurring command execution on the host system.
- Data Exposure (LOW): The cli-evaluator.md component profiles the system by checking for the existence and health of numerous binaries across common system paths like ~/.local/bin and /opt/homebrew/bin.
- Indirect Prompt Injection (LOW): The skill ingests and processes local files from ~/.claude through various scripts, creating an attack surface for embedded instructions. Evidence Chain:
  1. Ingestion points: archive-pruner.py and redundancy-detector.py read file content via Path.rglob.
  2. Boundary markers: No delimiters or 'ignore embedded instructions' warnings are provided to the agent.
  3. Capability inventory: Use of Bash, Write, Task, and Edit tools across scripts.
  4. Sanitization: Basic regex tokenization is used with no escaping or filtering of external content.
- Command Execution (LOW): Integration and hook tests (e.g., test_hook_integration.sh and component_audit.sh) execute shell scripts and binaries to validate system state.