skills/ninehills/skills/health/Gen Agent Trust Hub

health

Warn

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill collects extensive diagnostic data that includes sensitive user information. Specifically, it reads Claude Code conversation history logs from the user's home directory (~/.claude/projects/) and project settings (.claude/settings.local.json), which often contain authentication tokens or API keys for MCP services. Although the skill's instructions tell the agent to redact this data, that redaction is a prompt-level instruction applied after the files have already been read into the agent's context rather than a filter enforced in code, so ingesting these files constitutes a significant data exposure risk.
  • [COMMAND_EXECUTION]: The skill executes several local commands and scripts: it runs a bash data collection script (collect-data.sh), uses Python to parse configuration JSON, and executes tools from configured MCP servers to verify their connectivity ('MCP Live Check').
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted project-level data. It reads from CLAUDE.md, rule files, other skills, and historical conversation logs. Malicious instructions embedded in these files by an attacker could compromise the audit logic or the agent's behavior. The skill includes mitigations in its subagent prompts (inspector-context.md, inspector-control.md) that explicitly instruct the agent to ignore instructions embedded in the input data; this is a prompt-level mitigation that reduces but does not eliminate the risk, since it relies on the model honoring the instruction rather than on a hard boundary between data and instructions. This risk is assessed as MEDIUM due to the skill's high capability and the sensitive nature of the data it processes.
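The data-exfiltration finding above turns on whether token redaction is enforced before collected files reach the agent. The following added example, which is not part of the audited skill or of the Gen Agent Trust Hub report, shows the kind of code-level redaction a practitioner would want in place of a prompt instruction: it walks a parsed settings JSON document, redacts values under credential-looking keys and values that match common token shapes, applies the same shape-based filter to free text such as conversation log lines, and then re-scans the output so that anything secret-shaped that survived fails loudly instead of being shipped. The sample settings document and log line are constructed for the example; the key names and token formats are illustrative assumptions about what such files contain, not taken from the skill.

```python
from __future__ import annotations

import json
import re
from typing import Any

# Constructed sample, loosely modelled on a project settings file that
# defines MCP servers. Every value here is made up for the example.
SAMPLE_SETTINGS = json.dumps({
    "mcpServers": {
        "github": {
            "command": "npx",
            "args": ["-y", "@modelcontextprotocol/server-github"],
            "env": {"GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_0123456789abcdefghijklmnopqrstuvwxyz01"},
        },
        "search": {
            "url": "https://example.invalid/mcp",
            "headers": {"Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.payload.signature"},
        },
    },
    "permissions": {"allow": ["Bash(git status)"]},
})

# Constructed conversation log line containing a secret under no key at all.
SAMPLE_LOG_LINE = "user: run the deploy with sk-test1234567890abcdefghij please"

# Keys whose values are always redacted, whatever the value looks like.
SENSITIVE_KEY_RE = re.compile(
    r"(token|secret|password|passwd|api[_-]?key|authorization|credential)", re.I
)

# Value shapes that are redacted even when they sit under an innocuous key
# or inside free text. These are assumed, commonly seen prefixes.
SECRET_VALUE_PATTERNS = [
    re.compile(r"\bBearer\s+[A-Za-z0-9._~+/=-]{16,}"),   # HTTP bearer tokens
    re.compile(r"\b(gh[pousr]_[A-Za-z0-9]{20,})\b"),      # GitHub token prefixes
    re.compile(r"\b(sk-[A-Za-z0-9_-]{16,})\b"),          # "sk-" style API keys
    re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),                # AWS access key IDs
    re.compile(r"\b(xox[baprs]-[A-Za-z0-9-]{10,})\b"),    # Slack tokens
]
REDACTED = "[REDACTED]"


def redact_text(text: str) -> str:
    """Replace every recognised secret shape inside free text (log lines, prompts)."""
    for pat in SECRET_VALUE_PATTERNS:
        text = pat.sub(REDACTED, text)
    return text


def redact_config(node: Any, key: str = "") -> Any:
    """Recursively redact a parsed JSON document.

    A string is redacted if the key it sits under looks sensitive, or if the
    string itself looks like a credential. Structure and harmless values are
    kept so the diagnostic output stays useful for the health check."""
    if isinstance(node, dict):
        return {k: redact_config(v, k) for k, v in node.items()}
    if isinstance(node, list):
        return [redact_config(v, key) for v in node]
    if isinstance(node, str):
        if SENSITIVE_KEY_RE.search(key):
            return REDACTED
        return redact_text(node)
    return node


def find_leaks(text: str) -> list[str]:
    """Post-redaction check: return every secret-shaped string still present."""
    hits: list[str] = []
    for pat in SECRET_VALUE_PATTERNS:
        hits.extend(m.group(0) for m in pat.finditer(text))
    return hits


def redact_settings_file(raw: str) -> str:
    """Redact a settings JSON string and refuse to return it if a secret survived."""
    cleaned = json.dumps(redact_config(json.loads(raw)), indent=2)
    leaks = find_leaks(cleaned)
    if leaks:
        raise RuntimeError(f"secrets survived redaction: {leaks}")
    return cleaned


if __name__ == "__main__":
    print(redact_settings_file(SAMPLE_SETTINGS))
    print(redact_text(SAMPLE_LOG_LINE))
```

The key-name rule catches credentials stored under descriptive names (the env var and the Authorization header in the sample), the value-shape rule catches tokens that have leaked into log text where there is no key to inspect, and the final `find_leaks` pass is the check a collector should run on its own output before anything leaves the machine. Pattern lists like this are never complete, which is exactly why the re-scan is separate from the redaction step.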
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 7, 2026, 05:57 PM