The Agent Skills Directory

History Data Processing: The skill accesses local session history (~/.claude/history.jsonl) and project-specific logs. This data is used to 'mine' recurring tasks and preferences. Reviewing this data is central to the skill's learning capability, though it involves processing logs that could contain sensitive information or untrusted inputs from previous conversations.
Indirect Prompt Injection Surface: By synthesizing instructions from past trajectories, there is a potential area for review where malicious or misleading content from historical sessions could be promoted into the agent's long-term memory or skills. The skill includes a validation gate to assess the performance of proposed changes before they are presented to the user.
Self-Modification of Behavioral Instructions: The skill generates proposed edits to CLAUDE.md and SKILL.md, which define the agent's identity and capabilities. This functionality allows the agent to evolve its own logic. Security is managed through a multi-stage process where changes are written to a staging directory for user inspection rather than being applied automatically.
Local Script Execution: It utilizes bundled shell scripts and Python modules to drive the optimization engine. These operations are executed within the local project environment to perform analysis and re-run tasks for validation purposes.

skillopt-sleep