build-openclaw-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides detailed instructions for using the exec and process tools to run arbitrary shell commands and manage background processes. It specifically notes that exec is 'VERY HIGH risk' and requires explicit user confirmation before use. It also describes capabilities to run commands on the gateway host (host: "gateway"), which grants access to the underlying system environment.
  • [EXTERNAL_DOWNLOADS]: The browser tool is documented for automating interactions with live websites, including navigating to arbitrary URLs, submitting forms, and taking screenshots. The documentation identifies this as a 'HIGH risk' capability due to its potential interaction with authenticated sessions and external network resources.
  • [PROMPT_INJECTION]: The skill describes an indirect prompt injection surface through the ingestion of untrusted data from websites (via the browser tool) and external structured data (processed by llm-task).
      • Ingestion points: Scraping web content in references/browser-automation.md and processing external input in references/llm-task-chains.md.
      • Boundary markers: The skill emphasizes the use of structured JSON and schemas to constrain AI output, but does not mandate specific string-based boundary delimiters for untrusted content.
      • Capability inventory: The platform supports high-privilege tools including exec (shell commands), browser (web actions), and gateway (system management).
      • Sanitization: The skill includes a dedicated section on input sanitization in references/gateway-and-exec.md, instructing the agent to escape shell metacharacters and validate data types before passing data to shell commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 21, 2026, 04:42 PM