laohan-cheat
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute a local shell script named `bridge.sh` within the `~/.openclaw/workspace-shared/content-ops/` directory when the OpenClaw environment is detected. This occurs specifically during the "IMPORT" workflow to synchronize or fetch content.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It is designed to ingest and perform qualitative analysis (6-dimensional scoring) on external markdown files (`script*.md`) found in the local workspace. Since the agent is provided with broad `Bash(*)` permissions and lacks explicit sanitization or boundary markers for this untrusted content, malicious instructions embedded in a video script could potentially influence the agent's behavior during the analysis phase.
- [COMMAND_EXECUTION]: Beyond specific scripts, the skill's core logic relies on the agent directly executing shell commands via the Bash tool to perform file system checks, directory creation, and file calculations (e.g., using Bash to estimate video duration and character counts).
Audit Metadata