Skill: sms (skills/tdimino/claude-code-minoan/sms)

Status: Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The utility script scripts/_sms_utils.py reads sensitive configuration and credential files from the user's home directory, specifically ~/.config/env/secrets.env and ~/.claude.json, to authenticate with Twilio and Telnyx APIs.
  • [COMMAND_EXECUTION]: Multiple scripts within the skill utilize subprocess.run to execute shell commands. scripts/sms_process_reply.py invokes internal scripts, while scripts/sms_respond.py executes the external claude CLI binary to generate automated SMS replies. The use of the claude CLI is particularly notable as it is configured with a set of active tools (Read, Glob, Grep, WebFetch, WebSearch) that provide significant access to the host system and network.
  • [PROMPT_INJECTION]: The scripts/sms_respond.py script implements an auto-reply feature that is vulnerable to indirect prompt injection. It fetches inbound SMS messages—which are untrusted external inputs—and interpolates them directly into a complex prompt sent to a secondary LLM process (the claude CLI). While the script attempts to mitigate this by fencing the input with backticks and labeling it as 'UNTRUSTED INPUT', a successful injection attack could allow a remote sender to manipulate the LLM's behavior and potentially abuse the tools available to the subprocess to read local files or make unauthorized web requests.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 19, 2026, 04:39 PM
Security Audit — agent-trust-hub — sms