agent-forge
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: As a generative tool that creates skills based on user input, the skill inherently possesses an attack surface for indirect prompt injection. A malicious user could provide input designed to create a harmful skill.
  - Ingestion points: User-provided descriptions and goals for new skills or agents in `SKILL.md`.
  - Boundary markers: The skill does not currently implement specific delimiters or "ignore" instructions within its generated templates to isolate user-provided logic.
  - Capability inventory: The skill is designed to perform file system operations (`read`, `mkdir`, `write`) and execute platform-specific commands (`openclaw gateway restart`, `python3`) via the agent's available tools.
  - Sanitization: The skill relies on the underlying LLM's general safety guardrails and does not perform explicit sanitization of the user's creative input.
- [EXTERNAL_DOWNLOADS]: The skill includes an example for a weather bot that uses `curl` to fetch data from `wttr.in`. This is a well-known service used for legitimate demonstration of network capabilities and does not involve downloading executable code.
- [SAFE]: The main instructions guide the agent to execute local validation scripts (e.g., `quick_validate.py`) located within the system's `openclaw` installation using standard platform commands and paths.
Audit Metadata