The Agent Skills Directory

[DATA_EXFILTRATION]: The skill accesses sensitive debug log files located at $HOME/.claude/debug/. These files contain session history, tool outputs, and internal agent state. While necessary for the skill's purpose, this represents access to potentially sensitive internal data.
[COMMAND_EXECUTION]: The skill instructs the agent to execute several shell commands including grep, cp, wc, and bc. It also attempts to run a local Node.js script (scripts/reduce-debug-log.mjs) which is referenced in SKILL.md but was not provided in the analyzed skill files.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests raw logs (Step 3) which could contain attacker-influenced content (e.g., error messages or tool outputs from malicious external sources) that the agent might interpret as instructions during analysis.
Ingestion points: Processes logs from ~/.claude/debug/ and .claude/context/tmp/.
Boundary markers: None identified in the instructions for log processing.
Capability inventory: Access to Read, Write, Bash, and Grep tools; capability to execute arbitrary local shell commands.
Sanitization: No sanitization or validation of the log content is performed before processing.

debug-log-analysis