boss-greeting
Pass
Audited by Gen Agent Trust Hub on Jun 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection. It ingests untrusted text from external job descriptions (JD) and processes them alongside sensitive user profile data (resumes) to generate output. Without explicit boundary markers or delimiters, instructions embedded within a job description could potentially override the agent's instructions.
- Ingestion points: Processes external job description text and screenshots provided by the user in
SKILL.md. - Boundary markers: The skill instructions do not specify the use of XML tags, triple backticks, or other delimiters to isolate the untrusted JD content.
- Capability inventory: The skill utilizes
Bash,Read, andWritetools to manage a local sensitive file at~/.openclaw/boss-profile.md. - Sanitization: No logic is defined to sanitize or filter potential instructions embedded within the job description input.
Audit Metadata