The Agent Skills Directory

[COMMAND_EXECUTION]: The orchestration logic relies on shell scripts (orchestrate.sh, spawn-agent.sh) to manage sub-agents and local state. These scripts execute commands like openclaw sessions spawn and perform filesystem operations within the ~/.openclaw directory to maintain the harness environment.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it interpolates untrusted user input (task descriptions) directly into the system prompts of sub-agents. Specifically, the worker agent receives these instructions and possesses execute permissions, creating a risk that malicious data in a task description could influence the agent to perform unauthorized code execution.
Ingestion points: The TASK_DESC variable in scripts/orchestrate.sh and scripts/spawn-agent.sh captures external user input.
Boundary markers: The skill uses basic Markdown headers (## 태스크) to separate user input, but lacks robust delimiters or escaping to prevent instruction hijacking.
Capability inventory: The worker.md agent is explicitly granted write: true and execute: true permissions.
Sanitization: No sanitization or validation of the user-provided task description is performed before it is passed to the sub-agents.
[EXTERNAL_DOWNLOADS]: The documentation references external services for model access (api.z.ai, api.openai.com) and suggests installation via clawhub. These references target well-known technology providers and infrastructure associated with the skill's stated purpose, and are handled according to standard API key management practices.

harness