The Agent Skills Directory

[SAFE]: The skill's primary function is the management of local project files within the docs/backlog/ and docs/decisions/ directories. It does not request network access, access sensitive system files (e.g., SSH keys, environment variables), or perform any administrative tasks.
[NO_CODE]: The skill consists entirely of natural language instructions and does not ship with any executable scripts, binary files, or external dependencies, significantly reducing the attack surface.
[PROMPT_INJECTION]: While the skill ingests untrusted data from project files (Category 8 surface), this behavior is the core intended purpose of a task manager.
Ingestion points: Reads requirement files and indices from docs/backlog/.
Boundary markers: The instructions do not specify explicit boundary markers or delimiters for the data it processes.
Capability inventory: The skill is limited to writing documentation files (.md) and managing local memory markers; it lacks subprocess execution or network capabilities.
Sanitization: There is no explicit sanitization step described, but the limited capabilities of the skill minimize the risk of indirect injection.

task-manager