The Agent Skills Directory

Prompt Injection (LOW): The skill is susceptible to indirect prompt injection through stored reminder messages. 1. Ingestion points: User-provided strings in the 'message' argument for 'add' and 'recurring' commands in SKILL.md. 2. Boundary markers: Absent; the skill does not define delimiters to separate data from instructions when retrieving reminders. 3. Capability inventory: Limited to local database operations via sqlite3. 4. Sanitization: None described for the stored message content.
External Downloads (LOW): The skill relies on the 'sqlite3' package (^5.1.7). While the author 'OpenClaw' is not a pre-approved trusted source, the use of standard, versioned dependencies from the npm registry is a common practice with low risk.

reminders