The Agent Skills Directory

[SAFE]: The skill's primary function is to read and summarize local markdown files to provide project metrics. All operations are local and restricted to project-specific paths.
[DATA_EXPOSURE]: The skill accesses project files such as tracks.md and plan.md to extract status information. This is standard behavior for a project dashboard tool and does not involve accessing sensitive system directories (like .ssh or .aws) or private user data.
[PROMPT_INJECTION]: The skill parses content from project implementation plans which constitutes an indirect prompt injection surface. However, the skill's instructions specifically direct the agent to 'Parse content to identify statuses' and 'Count total phases and tasks', which limits the likelihood of an agent executing arbitrary instructions found within those files. Furthermore, the skill lacks the capabilities (network access, command execution) required to carry out common post-exploitation actions.

conductor-status