The Agent Skills Directory

[COMMAND_EXECUTION]: The skill interacts with the local file system to execute a JavaScript file via Node.js located at /Applications/AutoClaw.app/Contents/Resources/gateway/openclaw/openclaw.mjs to manage cron tasks.
[PROMPT_INJECTION]: The skill instructs the agent to generate instructions for its future self within the --system-event parameter. These instructions use imperative language such as 'You must immediately call the message tool' and 'Do not do anything else' to control agent behavior at execution time.
[INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates user-controlled data into a string that is later interpreted as an instruction by the agent.
Ingestion points: User-supplied input for <任务名> (Task Name) and <提醒内容> (Reminder Content) is used to construct the --system-event command string in SKILL.md.
Boundary markers: There are no boundary markers or escaping mechanisms defined to separate user content from the system instructions within the event string.
Capability inventory: The agent has access to the openclaw CLI for task scheduling and the message tool for external communication with Feishu.
Sanitization: No sanitization or validation of the user-provided message content is implemented before it is placed into the executable instruction string.

feishu-cron-reminder