task-estimator

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes Claude Code's dynamic context injection syntax (!command) to execute shell commands at load time. Specifically, the command taskmarket task get $0 directly interpolates a positional argument ($0) into the shell environment. This pattern is vulnerable to command injection, as it does not validate or escape user-controlled input before execution.
  • [PROMPT_INJECTION]: The estimation process involves ingesting untrusted data from TaskMarket tasks. This creates a surface for indirect prompt injection, where malicious instructions embedded in a task description could potentially manipulate the agent's scoring logic or behavior. The skill lacks defined boundary markers or sanitization procedures for this ingested content.
  • [COMMAND_EXECUTION]: The skill includes several dynamic context shell commands, such as taskmarket task list and fetch-model-pricing. While these specific examples use predefined flags, the overall practice of running shell commands automatically at skill load time based on external state increases the potential attack surface of the host environment.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 2, 2026, 01:19 PM