The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and summarizes untrusted data from historical session logs.\n
Ingestion points: The scripts/claude_session_handoff.py script reads JSONL files from the ~/.claude/projects/ directory.\n
Boundary markers: Absent. The instructions in SKILL.md do not include guidance for using delimiters or warnings when the agent reconstructs the handoff summary from session content.\n
Capability inventory: The agent has access to system utilities like ls, rg, and git, which could be targeted if the session logs contain malicious commands disguised as historical context.\n
Sanitization: Absent. While the helper script filters metadata and system messages, it does not escape or validate the text content of messages for embedded instructions.\n- [COMMAND_EXECUTION]: The skill requires the execution of a local Python helper and standard command-line tools to perform environment inspection and log parsing.\n
The use of subprocess.check_output in tests/test_claude_session_handoff.py is appropriate for automated testing of a CLI tool and does not represent a security risk within the provided test context.

claude-session-handoff