The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses subprocess.run to execute local git commands such as rev-parse, blame, and show. These commands are used to resolve commit SHAs and identify files touched by a change. The execution uses a list of arguments, which prevents standard shell injection vulnerabilities.
[DATA_EXPOSURE]: The skill accesses Claude Code transcripts located in the user's home directory (~/.claude/projects/). These transcripts contain historical chat logs between the user and Claude. Accessing this data is the primary purpose of the skill to recover implementation reasoning.
[INDIRECT_PROMPT_INJECTION]: The skill processes historical chat data from transcripts, which could theoretically contain malicious instructions if an attacker had previously influenced a Claude Code session.
Ingestion points: scripts/find_transcript.py reads .jsonl transcript files from the Claude Code project directory.
Boundary markers: The instructions in SKILL.md advise the agent to treat excerpts as evidence rather than ground truth and to ignore technical noise.
Capability inventory: The skill primarily performs read operations on the repository (via git) and the transcript logs.
Sanitization: The clean_text function in the script removes command prefixes and tool-use noise to isolate substantive reasoning text.

recall-reasoning