update-skills

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several system-level commands, including Git operations for repository management (status, remote, fetch, merge) and NPM scripts (npm run build, npm test) for post-merge validation.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves data from external Git repositories to facilitate updates. The default target is the vendor's repository at https://github.com/qwibitai/nanoclaw.git, though users can specify other URLs.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) due to its core functionality of merging external code and executing validation scripts.
    • Ingestion points: External source code and commit history are ingested into the environment through git fetch and git merge operations as described in SKILL.md.
    • Boundary markers: The skill lacks mechanisms to isolate or explicitly ignore instructions that might be embedded within the merged content.
    • Capability inventory: The skill has the capability to merge code and execute project-defined scripts (build and test) which can lead to unintended code execution if the source is malicious.
    • Sanitization: There is no automated sanitization or content filtering applied to the incoming code before it is integrated and validated.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 02:35 PM