The Agent Skills Directory

[PROMPT_INJECTION]: The skill facilitates indirect prompt injection by processing untrusted content from external RSS feeds and piping it directly into an AI for summarization.
Ingestion points: The rss_openclaw_summary.sh and rss_notify.sh scripts fetch data from arbitrary external URLs.
Boundary markers: The prompt template used for OpenClaw (Lines 136-139) does not include delimiters or instructions to ignore embedded commands within the feed content.
Capability inventory: The skill creates executable scripts, performs network operations, and modifies system persistence via cron.
Sanitization: There is no evidence of filtering or sanitization applied to the feed content before it is processed by the AI.
[COMMAND_EXECUTION]: The skill manages system tasks and automation through the creation and execution of shell scripts.
Script creation: Instructions provide logic for writing multiple Bash scripts to the user's home directory (~/bin/).
Permission modification: The skill uses chmod +x to grant execution permissions to the newly created scripts.
Persistence: The skill explicitly guides the user to add entries to the system crontab for automated, recurring execution of the monitoring scripts (Lines 144-150).
[EXTERNAL_DOWNLOADS]: The skill fetches software and data from external remote sources.
Dependency installation: Installs the sfeed parser from the vendor's repository via brew tap frankieew/tap (Line 15).
Data retrieval: Uses curl -sL to retrieve remote XML/Atom content from various RSS feed providers (Lines 26, 72, 114, 132).

openclaw-rss