The Agent Skills Directory

[DATA_EXFILTRATION]: The skill's primary function is to read and analyze AI agent session logs and transcript files stored in the local file system, exposing potentially sensitive data to the agent.
Evidence: references/discovery-rubric.md lists sensitive paths such as ~/.codex/sessions/, ~/.claude/projects/, and ~/.gemini/.
Evidence: scripts/scan_sessions.py specifically parses these files, which contain the full history of user interactions with various AI models. This history often includes proprietary code, personal information, and potentially hardcoded secrets from past development sessions.
[COMMAND_EXECUTION]: The skill uses a local Python script to perform the data processing and file system scanning.
Evidence: SKILL.md instructs the agent to run scripts/scan_sessions.py.
Evidence: The script iterates through the file system to locate and read log files across multiple agent platforms.
[PROMPT_INJECTION]: The skill acts as an ingestion point for untrusted data by processing logs of past conversations, creating a surface for indirect prompt injection.
Evidence: scripts/scan_sessions.py extracts user and assistant messages from logs. If these logs contain malicious payloads from prior (compromised) interactions, they could influence the current agent's analysis or skill-drafting behavior.
Ingestion points: ~/.codex/sessions/**/*.jsonl, ~/.claude/projects/**/*.jsonl, etc.
Boundary markers: Absent.
Capability inventory: The agent can read files and execute the scanning script (scripts/scan_sessions.py) as instructed in SKILL.md.
Sanitization: A sanitize function in scripts/scan_sessions.py attempts to redact emails and some API key patterns, but it does not prevent instruction injection.

skill-miner