The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/things_add.py uses subprocess.run to execute the macOS open utility. This is the standard method for triggering local URL schemes (like things:///) on macOS. The command is called with a list of arguments, which prevents shell command injection.
[CREDENTIALS_UNSAFE]: The skill optionally uses a THINGS_AUTH_TOKEN environment variable for update operations. This is a legitimate use of a secret for local application authentication. Note that the script prints the constructed URL (which would include the token) if executed on a non-macOS system or when debugging via the --print-url flag.
[PROMPT_INJECTION]: The skill processes untrusted user input to parse tasks (Category 8: Indirect Prompt Injection surface).
Ingestion points: User-provided text in the /mytodo command.
Boundary markers: The interactive workflow requires the agent to present the parsed list for user review and approval before execution.
Capability inventory: The skill executes scripts/things_add.py to trigger the URL scheme.
Sanitization: The helper script validates the JSON structure of the tasks and URL-encodes the data to ensure it is handled correctly by the OS and the target application.

things