skill-router
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's metadata contains installation instructions using shell commands.
- Evidence: The `metadata.install` field in `SKILL.md` specifies `cp -r skills/* ~/.openclaw/skills/`. This command modifies the local file system by copying files into a hidden application directory. While typical for the installation process of the OpenClaw framework, it involves shell-level file manipulation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its role as an intent-based router.
- Ingestion points: The skill processes free-text user queries (e.g., "分析腾讯", "全面的分析NVDA") to determine tool routing.
- Boundary markers: The skill does not define explicit delimiters or instructions to ignore embedded commands within the financial data it might process.
- Capability inventory: The router has the capability to trigger any of the 20+ listed market and technical indicator sub-skills.
- Sanitization: No explicit sanitization or validation of user input is described before it is used to select and parameterize sub-skills. This creates a standard surface where adversarial user input could attempt to influence the agent's tool selection logic.
Audit Metadata