Skills
skills/nvidia/nemoclaw/nemoclaw-maintainer-evening/Gen Agent Trust Hub

nemoclaw-maintainer-evening

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local TypeScript scripts using Node.js to automate release workflows. These scripts, such as version-target.ts and handoff-summary.ts, are located within the vendor's .agents/skills/ directory and perform maintenance tasks on the local repository.\n- [PROMPT_INJECTION]: The skill processes repository data (commit history and issue titles) to generate summaries, which represents an indirect prompt injection surface.\n
  • Ingestion points: Repository commit history and version metadata processed via scripts in SKILL.md.\n
  • Boundary markers: None identified for delimiting external content in the generated summary.\n
  • Capability inventory: Execution of local Node.js scripts and tool invocation (cut-release-tag) as defined in SKILL.md.\n
  • Sanitization: None specified for repository data processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 11:35 PM