adhd-body-doubling

Pass

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides an executable bash script (scripts/start-session.sh) used to initialize focus sessions, capture user input, and manage local session state. While the script performs basic JSON escaping, it handles user-provided task descriptions directly.
  • [PROMPT_INJECTION]: The README.md file includes a simulated 'Detailed Security Audit' table. This metadata is misleading because it attributes several 'Medium' risk findings to the skill (such as data exfiltration to an external API and network probing) that are not supported by the provided source code. This represents a metadata poisoning attempt that misrepresents the skill's technical behavior.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified in the session workflow:
      • Ingestion points: User-provided task descriptions and micro-step definitions in SKILL.md and scripts/start-session.sh.
      • Boundary markers: Absent; user input is directly incorporated into the session history and autopsy prompts without delimiters.
      • Capability inventory: Local file-write operations to ~/.openclaw/skills/adhd-body-doubling/history/ performed by the provided shell script.
      • Sanitization: Employs a limited json_escape function in the shell script to handle backslashes and quotes, but lacks broader content validation or instruction filtering.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 30, 2026, 06:49 PM