The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes shell commands using an external CLI tool called 'qmd'. Specifically, in Step 2.6, it interpolates data derived from quarterly goals and task descriptions directly into the command string (e.g., qmd query "goal description/success criteria" --limit 5). This pattern is susceptible to command injection if the source data—which is user-controlled through task lists and goal files—contains shell metacharacters such as semicolons, backticks, or subshell syntax.
[DATA_EXFILTRATION]: Step 7 describes a silent usage tracking mechanism that calls a track_event tool with analytics properties (e.g., priorities_count, goals_count). While the skill claims this only executes if the user has opted into analytics, it establishes a data exfiltration channel for productivity metadata to an external service.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from multiple sources to influence its planning suggestions.
Ingestion points: The skill reads from Weekly_Synthesis_[last-monday].md, user-profile.yaml, Dex_Backlog.md, and retrieves data via list_tasks and get_quarterly_goals.
Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed data.
Capability inventory: The skill possesses the ability to execute shell commands (qmd), perform file system operations (writing and archiving planning files), and invoke tracking tools.
Sanitization: No evidence of sanitization, escaping, or validation of the external content before it is interpolated into prompts or CLI commands was found.

week-plan