transcript-fixer

Fail

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [DATA_EXFILTRATION]: The helper script scripts/fix_transcript_enhanced.py reads sensitive system configuration files (~/.zshrc, ~/.bashrc, ~/.bash_profile, ~/.profile) to automatically locate and extract API keys. These files frequently contain credentials and environment variables, and accessing them constitutes exposure of sensitive system data.
  • [COMMAND_EXECUTION]: Multiple components, such as scripts/ensure_deps.py and scripts/fix_transcript_enhanced.py, use the subprocess module to execute the uv package manager and call other internal scripts within the skill folder.
  • [REMOTE_CODE_EXECUTION]: The scripts/ensure_deps.py script provides instructions for the user to download and execute an installation script from astral.sh (the official domain for the uv tool) via a piped shell command (curl | sh). This is a documented installation method for a well-known developer tool.
  • [PROMPT_INJECTION]: The skill processes transcript files, which are considered untrusted external data, and interpolates them into LLM prompts via scripts/core/ai_processor.py. While the prompts include boundary markers and instructions to follow a specific format, there is an inherent risk of indirect prompt injection where malicious content in a transcript could attempt to override the agent's behavior during the correction process.
    • Ingestion points: Transcripts are read from the file system in scripts/cli/commands.py via the --input argument.
    • Boundary markers: The prompt in scripts/core/ai_processor.py uses headers like **需要修复的内容**: to delineate untrusted content.
    • Capability inventory: The skill can perform network operations (API calls) and file system writes.
    • Sanitization: No specific sanitization or escaping is applied to the transcript content before LLM interpolation.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 7, 2026, 02:39 PM