The Agent Skills Directory

[COMMAND_EXECUTION]: The skill directs the agent to execute taskmd status $ARGUMENTS via the Bash tool. The variable $ARGUMENTS is interpolated directly into the command string without shell quoting or escaping. This pattern is a standard vector for command injection, where a user could provide input containing shell metacharacters (e.g., ;, |, &&) to execute arbitrary code.
[COMMAND_EXECUTION]: The skill relies on an external CLI utility (taskmd) to perform its primary function. While this is the intended design, the direct exposure of the shell environment to untrusted user input via this tool creates a vulnerability surface that depends on the security and error-handling capabilities of the underlying CLI and the agent's execution environment.

get-task-status