system-bus
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an Indirect Prompt Injection attack surface because it processes data from external webhook providers (Front, GitHub, Vercel, Todoist, Mux) and passes it to an LLM inference utility. * Ingestion points: Webhook handlers in
src/webhooks/providers/and Inngest event payloads. * Boundary markers: No explicit markers or 'ignore instructions' warnings are specified for theinferprompt interpolation. * Capability inventory: Subprocess execution viaBun.spawn(CLI toolspi,joelclaw), Kubernetes management viakubectl, and network operations. * Sanitization: No validation or sanitization of incoming webhook payloads is described. - [COMMAND_EXECUTION]: The skill relies on executing various local commands and management scripts for its primary purpose. * Executes local deployment scripts located at
~/Code/joelhooks/joelclaw/k8s/publish-system-bus-worker.sh. * Spawns subprocesses for thepiCLI to perform inference and thejoelclawCLI for infrastructure management. * Useskubectlfor container orchestration tasks.
Audit Metadata