openclaw-user-profiler

Warn

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The references/role-skill-catalog.md file contains a curated list of hundreds of external skills from unverified GitHub repositories. The skill encourages users to download and install these via the npx skills add command.
  • [REMOTE_CODE_EXECUTION]: By recommending and providing installation instructions for unverified third-party packages from community sources (e.g., GitHub accounts like sickn33, am-will, jimliu, alirezarezvani, etc.), the skill facilitates the potential execution of malicious remote code on the user's host machine.
  • [COMMAND_EXECUTION]: The workflow defined in SKILL.md instructs the agent to provide concrete installation commands to the user, such as npx skills add <package>, which involves shell execution for package management and installation.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from an existing user.md file to drive its recommendation logic. While references/user-md-template.md includes instructions for the agent to refuse writing sensitive information (e.g., passwords or API keys), the lack of strict boundary markers for processing this file creates an attack surface for indirect prompt injection where a malicious profile could influence agent behavior.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 2, 2026, 11:41 PM