clawsweeper-status
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses a bash script (`clawsweeper-status.sh`) to perform GitHub API queries via the `gh` CLI. The script accepts several command-line arguments (e.g., `--repo`, `--hours`, `--limit`) which are interpolated into the API request paths. While the variables are properly quoted to prevent shell-level injection, they control the targets of the network operations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external sources that are not under the user's direct control, such as GitHub issue comments and pull request titles. These fields could be used by an adversary to inject instructions into the agent's context.
  - Ingestion points: `scripts/clawsweeper-status.sh` retrieves issue comments, pull request events, and workflow logs from GitHub.
  - Boundary markers: The skill does not employ boundary markers or specific instructions to the agent to treat the external data as untrusted or non-instructional.
  - Capability inventory: The script executes the `gh` and `jq` binaries and manages temporary files in the local file system.
  - Sanitization: Although the script uses `jq` to normalize whitespace and remove HTML comments, it does not filter the text for potential instructions or malicious patterns.
Audit Metadata