The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes shell commands including 'git branch', 'git log', and 'grep' to collect branch names, commit history, and version information from the local development environment. These operations are restricted to gathering metadata for populating task descriptions and are consistent with the skill's stated purpose for developer workflow automation.
[EXTERNAL_DOWNLOADS]: Communicates with the official Alibaba Cloud Yunxiao Open API at 'openapi-rdc.aliyuncs.com' for task and project management. As a well-known service, this network activity is considered legitimate for the skill's intended functionality.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data from external sources—specifically Git commit messages, 'pom.xml' content, and API responses—and interpolates this data into task descriptions.
Ingestion points: Local Git repository metadata ('git log'), project configuration files ('pom.xml'), and external API responses from Yunxiao.
Boundary markers: None identified; data is directly substituted into HTML templates.
Capability inventory: Execution of network requests via 'fetch' and subprocess execution via 'git' and 'grep'.
Sanitization: No explicit sanitization or validation of the ingested content is mentioned before it is written back to the API.

yunxiao-task-management