todo-task-planning

Pass

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill processes content from a user-specified TODO file and interpolates it into prompts for other subagents and skills. This creates an attack surface where a malicious TODO file could attempt to influence the behavior of the downstream agents.
      • [Ingestion Points]: PHASE-1-TODO-READING.md reads the file specified in the $ARGUMENTS variable.
      • [Boundary Markers]: Absent; the skill does not use delimiters to wrap external data in the prompts.
      • [Capability Inventory]: The skill uses the Task tool (to call Explore and Plan subagents) and the Skill tool (to call the project-manager skill), both of which process natural language instructions.
      • [Sanitization]: No specific sanitization or escaping of the file content before interpolation into prompts was identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 22, 2026, 12:04 AM