idea-vault

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill operates entirely on local Markdown files within the user's workspace. It does not attempt to exfiltrate data, use obfuscated code, or download external scripts.
  • [COMMAND_EXECUTION]: The skill includes an example command for the openclaw CLI to schedule a monthly review via a cron job. This is a documented platform feature for automation and does not represent an unauthorized execution risk.
  • [PROMPT_INJECTION]: The skill processes potentially untrusted data through business idea descriptions and external research feedback, creating a surface for indirect prompt injection.
    • Ingestion points: Reads from ideas/idea-vault.md and processes user-provided idea summaries and research notes.
    • Boundary markers: The instructions rely on Markdown headers and bullet points; no specific XML tags or security delimiters are used to isolate untrusted content.
    • Capability inventory: The agent is authorized to read/write files in the workspace (specifically the ideas/ directory) and modify agent configuration files like HEARTBEAT.md and AGENTS.md.
    • Sanitization: There is no explicit instruction to sanitize or validate the content of ideas before the agent performs high-level reasoning or scoring tasks.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 30, 2026, 12:22 AM