NYC

task-management

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). Evidence Chain:
    1. Ingestion points: TASKS.md is read whenever the user asks about tasks or commitments.
    2. Boundary markers: None. The agent is instructed to read and summarize the file content directly, without delimiters or safety headers.
    3. Capability inventory: The skill can create and modify TASKS.md, copy dashboard.html to the workspace, and provide formatted summaries to the user.
    4. Sanitization: None detected. Malicious instructions embedded in task titles or context would be processed with the same priority as legitimate data.
  • COMMAND_EXECUTION (MEDIUM): The skill performs file system operations, including copying dashboard.html from ${CLAUDE_PLUGIN_ROOT} to the current working directory. This pattern can be used to drop executable or scriptable content (HTML/JS) into the user's workspace.
  • DYNAMIC_EXECUTION (MEDIUM): The introduction of an HTML dashboard that 'auto-saves' and 'watches for changes' suggests runtime script execution (JavaScript) within the user's environment to interact with the task file, creating an unverified execution surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 15, 2026, 09:02 PM