preqstation

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/preqstation-api.sh uses eval inside the preq_review_task function to run the test, build, and lint commands passed to it as arguments. Because eval re-parses its argument as shell source, any shell metacharacters in those strings (command separators, substitutions, redirections) are executed as code rather than treated as data, so arbitrary shell strings can be run through this path.
  • [COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to autonomously perform git actions including git commit, git push, and creating pull requests based on deployment strategies fetched from the remote API. It explicitly tells the agent not to stop for user approval during these operations.
  • [DATA_EXFILTRATION]: The skill accesses the local file ~/.preqstation-dispatch/projects.json to read and manage project path mappings on the user's filesystem.
  • [DATA_EXFILTRATION]: Work results, implementation summaries, and QA reports—which may contain sensitive information about the codebase—are transmitted to a user-configured remote API endpoint via curl and MCP tools.
  • [PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection because it processes task titles, notes, acceptance criteria, and comments retrieved from the PREQSTATION API. Although its instructions tell the agent to prioritize task notes over comments and to ignore specific helper blocks, the agent could still be influenced by malicious instructions embedded in that task data. The ingestion points are visible in SKILL.md and in scripts/preqstation-api.sh, for example the preq_get_task and preq_get_task_comment functions.
  • [EXTERNAL_DOWNLOADS]: The documentation in docs/artifact-publishing.md references the use of an external MCP server provided by Fast.io (https://mcp.fast.io/mcp) for publishing work artifacts.
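The eval pattern behind the COMMAND_EXECUTION finding, shown beside the form that does not re-parse its input. This is an added illustration, not code from scripts/preqstation-api.sh; the function names, the hypothetical command strings, and the `injected` marker variable are all assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not the preqstation project's own code). Function names and
# the sample command strings are hypothetical.

# Vulnerable pattern: the command arrives as one string and eval re-parses it,
# so metacharacters in the string (';', '$(...)', '|', '>') become shell code.
run_with_eval() {
    eval "$1"
}

# Safer pattern: the caller passes the program and each argument as separate
# words; "$@" hands them to the program verbatim, with no second parse.
run_argv() {
    "$@"
}

# The marker variable stands in for a side effect such as touching a file or
# posting data to a remote host; a payload that runs will set it to 1.
demo_eval() {
    injected=0
    # A "test command" that smuggles a second statement after the separator.
    run_with_eval "echo build ok; injected=1" >/dev/null
    echo "$injected"        # prints 1: the smuggled assignment executed
}

demo_argv() {
    injected=0
    # The same text, but passed as a single argument to echo: it is only data.
    run_argv echo "build ok; injected=1" >/dev/null
    echo "$injected"        # prints 0: nothing after the separator ran
}

# Stand-alone usage: prints 1 (payload ran under eval) then 0 (argv form).
demo_eval
demo_argv
```

The argv form is the fix a reviewer would ask for: callers supply `npm` `test` (or whatever the project's test runner is) as separate arguments, and the helper never hands the string back to the shell's parser. If a caller really needs to supply a full shell command line, the helper should at least treat that as a trust boundary and never mix it with text fetched from the remote API.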
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 8, 2026, 03:30 PM