Skills
skills/ar9av/obsidian-wiki/openclaw-history-ingest/Gen Agent Trust Hub

openclaw-history-ingest

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes untrusted data from previous agent transcripts and memories.
  • Ingestion points: Reads .jsonl session logs, MEMORY.md, and daily notes from ~/.openclaw/ (SKILL.md).
  • Boundary markers: No specific delimiters or boundary markers are defined for separating untrusted data from agent instructions.
  • Capability inventory: Performs file system writes to update the Obsidian vault, including index.md, log.md, and project-specific markdown files (SKILL.md).
  • Sanitization: Instructs the agent to filter out API keys, tokens, and passwords, and to prioritize summarization over verbatim transcripts.
  • [SAFE]: Accesses local directories (~/.openclaw) and configuration files (.env) solely for data migration and path resolution.
  • [SAFE]: Includes explicit instructions to skip credential directories (~/.openclaw/credentials/) and avoid ingesting runtime configuration files.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 11:52 AM