github-stars-monitor

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The collector script 'collect.py' accesses the sensitive file path '~/.openclaw/gateway.env' to retrieve the 'GITHUB_TOKEN' credential.
  • [PROMPT_INJECTION]: The skill processes untrusted content from GitHub user profiles (names, bios, and company fields) and interpolates it into subsequent tool calls and alerts without sanitization or boundary markers, creating a surface for indirect prompt injection.
  • Ingestion points: Profile data is fetched in 'collect.py' via the 'fetch_user_profile' function.
  • Boundary markers: No delimiters or ignore instructions are present when the agent processes the user data in 'SKILL.md' steps 3 and 4.
  • Capability inventory: The agent uses the 'exa-search__web_search_advanced_exa' tool and generates notification messages.
  • Sanitization: No validation or escaping of profile fields is performed before use.
  • [PROMPT_INJECTION]: The instructions include specific command constraints designed to bypass security 'preflight blocks' and execution monitors.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 04:54 AM
Security Audit — agent-trust-hub — github-stars-monitor