acc-error-memory

Fail

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): The script scripts/haiku-screen.sh parses the ACC_MODELS environment variable and executes the resulting strings as commands via subprocess.run. This allows for the execution of arbitrary system binaries with user-controlled parameters, posing a major risk if the environment is compromised or influenced by other skills.
  • EXTERNAL_DOWNLOADS (MEDIUM): The scripts/encode-pipeline.sh script attempts to call scripts/calibrate-patterns.sh, which is absent from the provided skill files. This reference to an external/missing script prevents full security verification and could be used to execute unvetted code at runtime.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it processes untrusted user input from session transcripts without sanitization or boundary enforcement.
      • Ingestion points: Session transcripts are extracted by scripts/preprocess-errors.sh from ~/.openclaw/sessions/.
      • Boundary markers: No delimiters or 'ignore' instructions are used in the generated ACC_STATE.md context file or the screening prompt in scripts/haiku-screen.sh.
      • Capability inventory: The pipeline has the ability to execute shell commands and modify the local filesystem.
      • Sanitization: No escaping or filtering is applied to the conversation snippets before they are interpolated into prompts or stored in the state JSON.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 23, 2026, 08:13 AM