The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes untrusted user data from the $ARGUMENTS variable to determine which task fields to update and what values to assign.
Ingestion points: User query supplied via $ARGUMENTS (e.g., in SKILL.md instructions).
Boundary markers: None. There are no delimiters or instructions to ignore embedded commands within the user input.
Capability inventory: The skill has access to the Bash tool for command execution and the Edit tool for file modifications.
Sanitization: No sanitization, escaping, or validation logic is defined to protect against malicious input meant to manipulate the agent's logic or the resulting shell commands.
[COMMAND_EXECUTION]: The skill dynamically constructs shell commands (e.g., taskmd set <ID> --flags) using values parsed directly from user input. This pattern creates a surface for command injection if the agent fails to properly sanitize special shell characters provided in the user's request.

update-task