time-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes user-controlled data from 'time-state.json' during report generation. User-supplied strings in the 'notes' and 'project' fields are included in prompts for daily and weekly summaries.
  1. Ingestion points: 'notes' and 'project' fields within the 'time-state.json' file.
  2. Boundary markers: Absent.
  3. Capability inventory: Local file read and write operations on 'time-state.json' and 'financial-tracker', and platform-specific shell command execution via 'openclaw cron add' as described in 'SKILL.md' and 'advanced-patterns.md'.
  4. Sanitization: No evidence of validation or escaping for the ingested user data.
Audit Metadata