Team Tasks.Skip

This tool appears to implement the documented pipeline features, but pay attention to these red flags before installing/using it: - SKILL.md contains hard-coded session keys (Telegram group IDs) and instructs sessions_send to those groups. Replace or remove those keys — do not let the agent send messages to unknown external groups. - The dispatch template tells the agent to include local working directories and previous-stage outputs in dispatched messages. That can leak file paths, code snippets, or other sensitive artifacts to external endpoints. Only dispatch sanitized summaries and avoid sending raw files or secrets. - The tool is single-node JSON backed (no file locking). If you intend to run multiple agents or concurrent dispatch, review scripts/task_manager.py for race conditions and add locking if needed. - Because the skill can be invoked autonomously, consider requiring a human confirmation step in your agent workflow before any sessions_send or network-bound dispatch occurs. Practical next steps: 1) Inspect scripts/task_manager.py fully (search for network calls, subprocess.exec, file reads of sensitive paths). Run it locally in a sandboxed/isolated environment first. 2) Remove or parameterize the hard-coded session keys and verify sessions_send targets are ones you control. Prefer configurable session keys via environment variables rather than baked-in IDs. 3) Use a dry-run mode (or instrument the script) to print messages instead of actually sending them to external sessions while you validate behavior. 4) If you plan to share agent outputs, explicitly sanitize or redact file contents and secrets before including them in dispatch messages. Given the explicit external session targets and instructions to transmit local context, treat this skill as potentially leaking data until you verify and reconfigure it.