The Agent Skills Directory

[DATA_EXPOSURE]: The skill reads session logs from standard local directories (~/.claude/projects/ and ~/.copilot/session-state/). This access is strictly limited to the skill's stated purpose of reviewing past interactions for learning purposes. No data is sent to external servers.
[INDIRECT_PROMPT_INJECTION]: The scripts ingest user-provided text from session logs which could theoretically contain malicious instructions. However, the risk is classified as safe because the ingestion source is the user's own local interaction history, and the skill has no network capabilities to facilitate exfiltration or further compromise.

session-review