The Agent Skills Directory

PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it scans 14 days of personal daily notes and task archives. Malicious instructions embedded in these notes could potentially influence the agent's behavior during classification or formatting.
Evidence Chain (Category 8):
Ingestion points: _DAILY.md, _DAILY_archive.md, and all files in obsidian/Timatron/daily/*.md from the last 14 days.
Boundary markers: Absent. The agent is instructed to read text directly and extract TODOs, topics, and markers.
Capability inventory: Reading/writing local files and executing Asana API calls (create/update tasks) via the user-asana MCP server.
Sanitization: Absent. Content from notes is interpolated directly into the proposed task list and the final file output.
COMMAND_EXECUTION (SAFE): The skill uses an external MCP server (user-asana) to perform actions. While this involves executing tool calls, the skill explicitly requires a confirmation prompt (Step 6) before any side-effecting API calls are made, which serves as a critical safety barrier.

x-update-daily-tasks