game-marketing-context
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted project data that may contain malicious instructions. It instructs the agent to ingest content from project files like README.md, index.html, and localization strings to automatically generate marketing context documents. These documents are then intended to be used by other skills (e.g., content-strategy, store-listing) as a source of truth. If these source files contain hidden instructions, those instructions could be propagated into the marketing context and affect the behavior of downstream skills.
  - Ingestion points: SKILL.md specifies that the agent should read README.md, index.html, and localization files to auto-draft context.
  - Boundary markers: The skill does not provide any instructions to use delimiters or ignore embedded commands when reading these untrusted files.
  - Capability inventory: The skill involves reading project files and writing generated markdown context documents to the .openclaw/game-context/ directory.
  - Sanitization: There is no mention of validating, escaping, or sanitizing the ingested external content before it is used to generate the marketing context.
Audit Metadata