running-flow
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
robomotionandrobomotion-deskbotCLI tools. These tools are used locally to validate automation scripts, connect to robot sessions, and trigger flow executions. This is standard functionality for the vendor's automation platform. - [DATA_EXFILTRATION]: The skill reads session log files from
~/.config/robomotion/agent/logs/sessions/(Linux/macOS) and%LOCALAPPDATA%\Robomotion\agent\logs\sessions\(Windows). These files are specific to the vendor's toolchain and are used by the agent to observe execution status and errors. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by design.
- Ingestion points: The agent reads and processes untrusted JSONL session logs from the local filesystem (
SKILL.md). - Boundary markers: None identified. The agent is instructed to parse raw log events to drive a 'fix' loop.
- Capability inventory: The agent can execute shell commands (
robomotion run), modify source code (main.ts), and manage environment variables. - Sanitization: There is no evidence of sanitization or validation of the log content before it is processed by the agent to determine its next actions.
Audit Metadata