todo-tracker

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/todo.sh uses the sed utility to process user-provided strings for finding and modifying items. Since these strings are not sanitized, a user could provide input containing special characters (such as forward slashes) that terminate the sed regex early and inject additional sed commands, potentially leading to unintended modifications or deletions within the TODO.md file.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by storing arbitrary user-provided text in a persistent file and later reading it back into the agent's context.
      * Ingestion points: Task descriptions and priority levels provided via the add command.
      * Boundary markers: None; the SKILL.md instructions direct the agent to read the raw TODO.md file without using delimiters to separate user data from system instructions.
      * Capability inventory: The skill has the ability to read, write, and delete files within the workspace.
      * Sanitization: No filtering or validation is performed on user input before it is saved or displayed back to the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 09:21 PM