Task Quest

What to check before installing: 1. Review and remove/clarify the 'Don't ask permission. Just do it.' line in the AGENTS.md/Session Startup diffs — never allow the agent to read private memory/identity files without explicit approval. Ask the skill author to remove that instruction or make it opt-in. 2. Confirm the intended semantics of active:false. The package contains contradictory statements (one says skip all game elements when inactive; another says tracking continues while inactive). Ask the author to make behavior unambiguous: either stop all reads/writes when inactive or explicitly state what 'tracking' continues and why. 3. Before applying any AGENTS.md / HEARTBEAT.md / cron changes, back up those files and require an explicit user prompt for each change. The integration diffs affect agent startup and scheduled jobs — only apply them if you trust the change and understand the effect. 4. Inspect the created files after running init-quest.sh to ensure they contain no sensitive data and live only in a workspace folder you control. Run the init script in a safe test workspace first if unsure. 5. Verify agent runtime permissions: restrict agent network access if you do not want any possibility of exfiltration (this skill does not include network endpoints, but workspace changes increase persistent behavior risk). 6. If you require stronger guarantees, ask the author to remove any instruction that reads memory/*.md or SOUL.md by default, and to make all tracking opt-in and transparently logged. Why I flagged this as suspicious: the skill is otherwise coherent and low-risk (local files only), but the contradictory and consent-undermining workspace-integration instructions (automatic reads of memory and a 'Don't ask permission' directive, plus unclear inactive-mode behavior) raise privacy and persistence concerns that should be resolved before installation.