The Agent Skills Directory

[PROMPT_INJECTION]: The skill is instructed to read task comments and reviewer feedback. This presents a potential surface for indirect prompt injection if malicious instructions are placed in the task tracker. However, the skill follows a strict internal protocol (Goal Articulation Gate, 5 Whys) which serves as a reasoning-based filter against accidental obedience to instructions embedded in data.
[COMMAND_EXECUTION]: The skill uses the Bash tool for running typechecks and linters. This is consistent with its primary purpose as a development automation tool.
[DATA_EXFILTRATION]: While the skill interacts with external providers (GitHub, Linear), it does so using standard authenticated CLI tools (gh) or MCP servers. All network operations are directed at these well-known, trusted platforms for the purpose of task management. No unauthorized data exfiltration patterns were found.
[REMOTE_CODE_EXECUTION]: The skill includes several Node.js scripts in the references/scripts/ directory. These scripts are part of the skill's state-management framework and use standard Node.js APIs (node:fs, node:path). No external script downloads or arbitrary execution of remote content were identified.
[SAFE]: The skill adheres to the 'KISS/YAGNI' principles and includes self-check criteria before submission. All reference materials and scripts are project-local and part of the distributed skill package.

ln-403-task-rework