intent-engine

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user or agent to install the @origintask/intent-engine NPM package and the intent-engine Cargo crate, which are from unverified third-party sources not included in the trusted organizations list.
      • Evidence: npm install -g @origintask/intent-engine and cargo install intent-engine instructions in SKILL.md.
  • COMMAND_EXECUTION (LOW): The skill relies on the execution of a local CLI binary (ie) for its core functionality. This binary's internal logic is opaque to the AI agent and the host system.
      • Evidence: Frequent use of commands like ie status, ie plan, and ie log throughout the workflow.
  • PROMPT_INJECTION (LOW): The skill's architecture for 'amnesia recovery' via a persistent memory store is a surface for indirect prompt injection. Malicious instructions stored in task specs or decision logs could be re-ingested by the agent in a later session.
      • Ingestion points: Output from ie status and ie search retrieved into the agent's context.
      • Boundary markers: Absent; the agent is not instructed to treat retrieved 'memory' as untrusted or to use delimiters.
      • Capability inventory: Shell command execution (ie), file piping, and package installation.
      • Sanitization: No sanitization or validation of the retrieved markdown strings is mentioned or performed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:37 PM