openclaw-github-repo-commander
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The workflow involves the execution of a local shell script (
scripts/repo-audit.sh) to perform repository auditing tasks. While this is an intended feature of a development tool, it involves running arbitrary script logic. - [EXTERNAL_DOWNLOADS]: The skill uses
git cloneto download target repositories from external sources (GitHub) into the local environment for analysis. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted content from external repositories and GitHub search results.
- Ingestion points: Cloned repository files (Stage 1) and competitor repository metadata from GitHub search results (Stage 4) are brought into the agent's context.
- Boundary markers: The documentation does not specify the use of delimiters or instructions to ignore embedded commands within the processed repository data.
- Capability inventory: The skill possesses the capability to execute shell scripts (
scripts/repo-audit.sh), delete or modify local files (Stage 6), and push changes back to a remote repository (Stage 7). - Sanitization: There is no mention of sanitizing or validating external repository content before the agent performs the 'Reflection' (Stage 3) or 'Synthesis' (Stage 5) phases, which could lead the agent to follow instructions embedded in the analyzed code.
Audit Metadata