skills/driangle/taskmd/split-task/Gen Agent Trust Hub

split-task

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instruction to run taskmd get $ARGUMENTS creates a command injection vulnerability. Since $ARGUMENTS contains the raw user query, an attacker could provide input with shell metacharacters (such as ;, &&, or |) to execute unauthorized commands on the host system via the Bash tool.
  • [PROMPT_INJECTION]: The skill retrieves and processes content from task files and specification documents using the Read tool without implementing boundary markers or input sanitization. This exposes the agent to indirect prompt injection if the task files contain adversarial instructions.
      • Ingestion points: Task descriptions, subtasks, and acceptance criteria are ingested from files in the tasks/ directory and from the output of the taskmd command.
      • Boundary markers: Absent. The skill does not use delimiters or instructions to ignore embedded commands when reading task data into the agent's context.
      • Capability inventory: The skill has access to powerful tools including Bash for command execution and Write for file modification.
      • Sanitization: Absent. There is no evidence of validation or filtering applied to the content of the task files before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 22, 2026, 11:01 PM