gateway
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the joelclaw CLI for daemon management, including status checks, restarts, and behavior configuration. It also uses standard tools like kubectl, colima, and the Vercel CLI for operational checks and deployment verification (SKILL.md).
- [PROMPT_INJECTION]: The gateway daemon processes untrusted data from external sources including Telegram, Discord, Slack, iMessage, and webhooks (SKILL.md). This creates a surface for indirect prompt injection where malicious instructions could be embedded in external messages. Mandatory Evidence Chain:
  1. Ingestion points: External messages and events via Telegram, Slack, Discord, and webhooks (SKILL.md).
  2. Boundary markers: No explicit delimiter markers for payload data are specified to distinguish instructions from data.
  3. Capability inventory: Execution of vendor CLI commands and infrastructure tools such as kubectl and vercel (SKILL.md).
  4. Sanitization: Mentions runtime guardrail enforcement (ADR-0189) including tool-budget checkpoints and deployment verification (SKILL.md).