boss-greeting

Pass

Audited by Gen Agent Trust Hub on Jun 9, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection. It ingests untrusted text from external job descriptions (JD) and processes them alongside sensitive user profile data (resumes) to generate output. Without explicit boundary markers or delimiters, instructions embedded within a job description could potentially override the agent's instructions.
  • Ingestion points: Processes external job description text and screenshots provided by the user in SKILL.md.
  • Boundary markers: The skill instructions do not specify the use of XML tags, triple backticks, or other delimiters to isolate the untrusted JD content.
  • Capability inventory: The skill utilizes Bash, Read, and Write tools to manage a local sensitive file at ~/.openclaw/boss-profile.md.
  • Sanitization: No logic is defined to sanitize or filter potential instructions embedded within the job description input.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 9, 2026, 10:44 AM
Security Audit — agent-trust-hub — boss-greeting