taskfile-setup

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to install the Task tool by downloading and executing a remote shell script using the command sh -c "$(curl --location https://taskfile.dev/install.sh)". While this is the official installation method for the tool, it represents a remote code execution vector from an external domain.
  • [COMMAND_EXECUTION]: The scripts/detect_taskfile.py utility invokes system commands such as task --version using subprocess.run() to detect installation state. Additionally, the workflow suggests various shell commands for project management (e.g., pnpm, gradlew, uv, docker) and system package managers (brew, snap, apt), with some requiring sudo privileges.
  • [EXTERNAL_DOWNLOADS]: The skill fetches installation assets and configuration templates from the taskfile.dev domain.
  • [DATA_EXFILTRATION]: The skill reads and analyzes sensitive project files, including .env, package.json, and Taskfile.yml. While no direct exfiltration to a remote server was observed, the contents of these files are ingested into the agent's context.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from project files without sanitization or strict boundary enforcement.
      • Ingestion points: The scripts/detect_taskfile.py script reads the content of Taskfile.yml, .env, and package.json files.
      • Boundary markers: There are no explicit markers or warnings used to separate project data from agent instructions.
      • Capability inventory: The skill has the ability to execute shell commands and file system operations across multiple scripts.
      • Sanitization: No escaping or validation is performed on the data retrieved from local files before it is processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://taskfile.dev/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 26, 2026, 10:55 AM
Security Audit — agent-trust-hub — taskfile-setup