fleet-auditor

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/fleet.py utilizes subprocess.run to invoke system utilities (open, xdg-open, or start) to display a locally generated HTML dashboard in the user's default web browser. The command execution is limited to opening a file path defined within the application's local directory.
  • [PROMPT_INJECTION]: The skill processes untrusted data in the form of agent session logs and project transcripts from directories like ~/.claude/projects/ and ~/.openclaw/. Malicious instructions within these external logs could potentially influence the agent when it parses and summarizes audit results.
    • Ingestion points: scripts/fleet.py and scripts/shared.py (reading from various agent platform data paths)
    • Boundary markers: Not explicitly defined in the SKILL.md instructions when reporting findings to the user
    • Capability inventory: File system read/write access and local command execution via subprocess.run
    • Sanitization: The dashboard generation logic uses html.escape to sanitize data before inclusion in the HTML report.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 06:01 AM