memory-management

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Flags: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill implements an architecture that is susceptible to Indirect Prompt Injection.
  • Ingestion points: Historical data and context enter the agent's prompt via $MEM search, $MEM handoff read, $MEM auto-capture, and direct reading of 'Brain' files located in memory/projects/ (SKILL.md).
  • Boundary markers: Absent. Section 3.2 explicitly instructs the agent to "directly inject contents" (직접 내용을 주입) from memory files into sub-agent prompts rather than using secure delimiters or escaping.
  • Capability inventory: The skill executes several sub-commands of the openclaw-mem CLI tool for searching, indexing, and state management (SKILL.md).
  • Sanitization: Absent. There are no instructions to validate or sanitize the retrieved content before it is processed by the AI, which could allow malicious content previously stored in memory to influence agent behavior.
  • [COMMAND_EXECUTION]: The skill relies on a local CLI tool, openclaw-mem, located within the workspace's virtual environment. It also utilizes standard shell commands such as cat for file creation and wc for monitoring file size. These executions are consistent with the skill's stated purpose of managing a 5-layer memory architecture.
  • [PROMPT_INJECTION]: Metadata inconsistency detected. The author is listed as 'misskim' in the YAML frontmatter, while the provided context identifies the author as 'kjaylee'. This mismatch, while potentially a result of template reuse, constitutes inconsistent metadata.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 08:04 AM