skills/jheisonmb/skills/task-trigger/Gen Agent Trust Hub

task-trigger

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill establishes persistence by automatically installing background tasks and services using crontab (Linux/WSL), launchd plists (macOS), and systemd user services via scripts such as add-to-crontab.sh, add-to-launchd.sh, and start-watcher.sh. These tasks are configured to run headlessly and independently of the user session.
  • [REMOTE_CODE_EXECUTION]: The start-watcher.sh script dynamically generates shell scripts at runtime and writes them to $HOME/.task-trigger/watchers/ for execution by the system. Additionally, run-task.sh executes dynamically built command strings through agent CLIs like opencode and kiro-cli using subprocess.run.
  • [PROMPT_INJECTION]: The file monitoring feature (/task-trigger:watch) and scheduled task architecture create a surface for indirect prompt injection. Untrusted data from monitored files or pre-configured task prompts are executed in a headless environment—often with the --trust-all-tools flag enabled for kiro-cli—which could be exploited to trigger unintended agent actions if inputs are compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 6, 2026, 09:15 PM