goclaw-docs-audit
Fail
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands, such as
git diff, using the user-provided<commit-range>argument directly (SKILL.md, Step 1). Additionally, the skill uses theGOCLAW_SOURCE_PATHenvironment variable directly in shell operations likecd $GOCLAW_SOURCE(SKILL.md, Step 8). These patterns allow for command injection if malicious strings are provided. An attacker could potentially execute arbitrary code by supplying a malicious commit range or environment variable. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
- Ingestion points: External Markdown documentation files from the GoClaw source repository are read and processed during the 'Accuracy Check' (SKILL.md, Step 4).
- Boundary markers: The instructions do not define delimiters or provide warnings to ignore embedded instructions within the processed data.
- Capability inventory: The agent has the capability to execute shell commands and write files to the local file system.
- Sanitization: There is no evidence of sanitization or content validation for the documentation files being processed.
Recommendations
- AI detected serious security threats
Audit Metadata