The Agent Skills Directory

[SAFE]: The skill implements authentication using a User Token retrieved from environment variables or a local configuration file, adhering to standard security practices for API integrations.
[SAFE]: No hardcoded credentials, malicious network exfiltration, or obfuscation techniques were found during the analysis of the script files.
[PROMPT_INJECTION]: The skill has a standard vulnerability surface for indirect prompt injection because it processes user-generated content from an external platform. Ingestion points: The scripts query_tasks.py, query_task_detail.py, query_task_activity.py, and render_rtf.py fetch task titles, notes, and comments from the Teambition API. Boundary markers: There are no explicit delimiters or instructions to ignore embedded prompts in the data processed by the scripts. Capability inventory: The skill includes functions to create and modify platform data through create_task.py, update_task.py, and archive_task.py. Sanitization: Task content is retrieved and presented to the agent without evidence of sanitization or filtering.

dingtalk-teambition