nemoclaw-maintainer-morning
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes project-specific TypeScript scripts (version-target.ts, triage.ts, state.ts) using Node.js to calculate versioning targets and rank the daily workload.
- [COMMAND_EXECUTION]: Employs the GitHub CLI (gh) to modify repository metadata, specifically creating version labels and editing labels on PRs and issues within the NVIDIA/NemoClaw repository.
- [PROMPT_INJECTION]: The skill processes data from GitHub PRs and issues, representing a surface for indirect prompt injection (Category 8). This is inherent to the tool's primary function of triaging external contributions.
  - Ingestion points: Reads content from GitHub via gh-pr-merge-now and find-review-pr tools.
  - Boundary markers: Not identified in the command sequences or prompts.
  - Capability inventory: Modifies repository labels/status via gh and executes local utility scripts via node.
  - Sanitization: No explicit validation or sanitization of ingested PR/issue text is mentioned.
Audit Metadata