cost-session
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill reads local session history files located in ~/.claude/projects/ to extract usage statistics. This is the intended purpose of the tool and does not involve unauthorized access to system credentials or network exfiltration.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it ingests session log data.
  1. Ingestion points: ~/.claude/projects/ session logs (SKILL.md).
  2. Boundary markers: None provided.
  3. Capability inventory: Bash (SKILL.md frontmatter).
  4. Sanitization: None described in the provided logic.

  However, the risk is considered safe as the skill's logic is focused on costing metrics rather than executing message content.
Audit Metadata