
pm-cli-usage

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends global installation of the @jogi47/pm-cli npm package. This is a vendor-owned resource managed by the skill author.
  • [COMMAND_EXECUTION]: The instructions empower the agent to execute various pm CLI subcommands to list, create, update, and delete tasks, as well as perform git operations like branch creation.
  • [DATA_EXFILTRATION]: The skill involves handling sensitive authentication tokens (ASANA_TOKEN, NOTION_TOKEN) and Personal Access Tokens. While these are required for the tool's core functionality, their presence in the environment or command history is a factor for secure data management.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from external project management providers, creating a surface for indirect prompt injection.
      • Ingestion points: Task content, including titles and descriptions, is fetched from external providers (Asana, Notion) via commands such as pm tasks assigned, pm tasks search, and pm tasks show.
      • Boundary markers: The instructions provide no delimiters or warnings telling the agent to ignore instructions that might be embedded in task titles or descriptions.
      • Capability inventory: The agent can execute shell commands, create git branches named after tasks, and open browser sessions using URLs retrieved from task data.
      • Sanitization: No sanitization, escaping, or validation steps are described for data retrieved from external APIs before the agent processes it.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 07:31 PM