session-compound

Warn

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the agent to execute local Node.js scripts (analyzers/claude-code.mjs and analyzers/codex.mjs) to parse session history. While these are part of the skill, executing local scripts on system logs is a sensitive operation.
  • [DATA_EXFILTRATION]: The analyzer scripts access private session transcript files located in ~/.claude/projects/ and ~/.codex/sessions/. These logs contain the full history of the user's interactions with the AI, which may include source code, API keys, or other sensitive information.
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to search the 'skills' ecosystem using npx skills find and install new skills using npx -y skills add. This facilitates the execution of external, unverified code based on automated recommendations generated from session data.
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8). Since it processes session logs—which may contain untrusted data from previous web searches or file reads—an attacker could embed malicious instructions in the session history. These instructions could then be extracted by the analyzer and influence the agent's behavior during report generation or when recommending new skills for installation.
      • Ingestion points: Reads session logs from ~/.claude/projects/*.jsonl and ~/.codex/sessions/*.jsonl in both claude-code.mjs and codex.mjs.
      • Boundary markers: No explicit delimiters or instructions are used to treat the parsed session content as untrusted data during analysis.
      • Capability inventory: The skill uses shell execution for analysis (node) and ecosystem management (npx), and file-system writes to generate the report (cp template.html).
      • Sanitization: While the HTML template uses escapeHtml for the final report view, the agent processes the raw JSON data to generate summaries and anomalies, providing a vector for instruction following.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 11, 2026, 08:29 AM