import-todos
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a Bash command that directly interpolates the `$ARGUMENTS` variable provided by the user.
  - Evidence: `taskmd todos list --format json $ARGUMENTS` in the discovery step.
  - Risk: This pattern allows for shell command injection if a user provides metacharacters such as semicolons or pipes, potentially leading to arbitrary code execution.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted data from the codebase without sanitization.
  - Ingestion points: Source code files scanned for TODO/FIXME comments via `taskmd`.
  - Boundary markers: Absent; the extracted text is used directly as input for other tasks.
  - Capability inventory: The skill utilizes the `Bash` tool and can invoke other skills via the `Skill` tool.
  - Sanitization: None; the raw text from comments is passed to the user and subsequent tools.
  - Risk: Maliciously crafted comments in the codebase could be used to influence the agent's behavior or trigger unintended actions when the task is created.
Audit Metadata