session-debrief

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM | CREDENTIALS_UNSAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses a specific secrets file at ~/.claude/.secrets/ccterrybot-telegram to retrieve API credentials for the MiniMax service.
  • [DATA_EXFILTRATION]: The skill reads sensitive developer session logs (including commands and code) from ~/.claude/projects/ and transmits them to an external third-party API (MiniMax) for analysis.
  • [COMMAND_EXECUTION]: Spawns an agent to execute a local TypeScript script using bun run $HOME/eon/cc-skills/plugins/devops-tools/scripts/session-debrief.ts.
  • [PROMPT_INJECTION]: Includes 'Self-Evolving Skill' instructions that direct the agent to 'fix this file immediately' if issues are found, creating a mechanism for the agent to modify its own instructions, which could be exploited for persistent behavioral changes.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through the processing of untrusted session data.
      • Ingestion points: Reads .jsonl session files from the local filesystem containing past command outputs and user inputs.
      • Boundary markers: None. The prompt does not provide delimiters to differentiate between the log content and the agent's instructions.
      • Capability inventory: The skill has access to Bash, Agent, and Read tools, providing a wide attack surface if the processing LLM is subverted.
      • Sanitization: No sanitization or validation of the session log content is performed before passing it to the external model.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 15, 2026, 01:14 PM