The Agent Skills Directory

[PROMPT_INJECTION]: Vulnerable to indirect prompt injection (Category 8). Maliciously crafted release notes on the source repository could influence agent behavior when the automated check runs.
Ingestion points: The 'check.sh' script fetches release information from the GitHub API ('https://api.github.com/repos/clawdbot/clawdbot/releases').
Boundary markers: There are no delimiters or instructions to the LLM to ignore potentially malicious text within the fetched release notes.
Capability inventory: The skill has the ability to execute shell scripts and schedule recurring tasks via the '~/.clawdbot/cron/jobs.json' file.
Sanitization: No sanitization or safety filtering is performed on the release highlights before they are passed to the agent's notification prompt.
[COMMAND_EXECUTION]: The skill uses shell scripts to perform version checks and system configuration, including the use of 'curl', 'jq', and 'launchctl' to manage update checks and notifications.
[EXTERNAL_DOWNLOADS]: Fetches release metadata from GitHub's official API. As this is a well-known service and the activity is central to the skill's stated purpose, it is documented as expected behavior.

clawdbot-release-check