troubleshooting-regression

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/main.cjs uses child_process.spawnSync to execute the claude CLI. It takes a user-supplied prompt argument and passes it directly to the command line (claude -p [prompt] -d). Although shell: false is used to mitigate some shell injection risks, the ability to execute arbitrary prompts via a CLI tool is a powerful capability that requires stricter input controls.
  • [DATA_EXFILTRATION]: The skill's main script reads file content via fs.readFileSync from a path provided in the logPath argument. There is no validation or sanitization of this path, creating a vulnerability that allows for arbitrary file access (exposure) through directory traversal or absolute paths if the agent is directed to a malicious location.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from debug logs without sufficient isolation.
    • Ingestion points: scripts/main.cjs reads logs from the user's home directory (.claude/debug/) or a user-specified logPath.
    • Boundary markers: No delimiters or instructions are used to distinguish log content from system instructions.
    • Capability inventory: The skill possesses capabilities for command execution (spawnSync) and filesystem access (fs.readFileSync).
    • Sanitization: Log lines are processed using regular expression patterns in classifyLine without prior sanitization, allowing for the possibility that crafted log content could influence the diagnostic findings or the agent's behavior.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 20, 2026, 03:37 AM