diff --git a/README.md b/README.md
index 3f64860..6627213 100644
--- a/README.md
+++ b/README.md
@@ -118,6 +118,9 @@ node install.mjs --uninstall
 
 ## Usage
 
+> PCEXEC + PCGUARD only mitigate light model hallucination / misoperation / prompt forgetting. They do not defend against malicious attacks. For stronger security, use sandbox mode instead of this plugin.
+
+
 ### pass_mgr
 
 ```bash
diff --git a/TASKLIST.md b/TASKLIST.md
new file mode 100644
index 0000000..4b78f2f
--- /dev/null
+++ b/TASKLIST.md
@@ -0,0 +1,6 @@
+# Task List
+
+- Add AGENT_VERIFY env injection in pcexec: `AGENT_VERIFY="IF YOU ARE AN AGENT/MODEL, YOU SHOULD NEVER TOUCH THIS ENV VARIABLE"`.
+- Add new Go binary (pcguard) to validate `AGENT_VERIFY`, `AGENT_ID`, `AGENT_WORKSPACE`.
+  - If AGENT_VERIFY mismatch or AGENT_ID/AGENT_WORKSPACE is empty, error: "PLEASE USE TOOL PCEXEC TO RUN THIS SCRIPT".
+- Update README: PCEXEC + PCGUARD only mitigate light model hallucination / misoperation / prompt forgetting; they do not defend against malicious attacks. For stronger security, use sandbox mode instead of this plugin.