nemoclaw-maintainer-release-notes
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes
gitandghcommands to inspect repository tags and retrieve metadata. These commands are necessary for the skill's primary function and are correctly scoped to the official NemoClaw repository. - [EXTERNAL_DOWNLOADS]: Release data and contributor membership status are fetched via the GitHub API. These network operations are conducted against a well-known service and the vendor's own organization infrastructure, which is consistent with the skill's purpose.
- [PROMPT_INJECTION]: The skill processes untrusted input from pull request titles and descriptions when generating summaries, presenting a surface for indirect prompt injection. This risk is managed by the skill's design, which generates a static Markdown draft for manual maintainer verification rather than executing commands derived from the PR content.
- Ingestion points: PR metadata (titles, bodies, authors) retrieved via
gh pr viewas described in Step 2 of SKILL.md. - Boundary markers: None specified in the instructions.
- Capability inventory: Shell command execution (
git,gh,sed,printf) and local filesystem writes for draft creation. - Sanitization: No explicit sanitization or escaping of pull request content is performed prior to interpolation into the draft.
Audit Metadata