clawflow

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious behavior or high-risk security patterns were identified in the framework documentation or the provided workflow examples. The skill serves as a structural substrate for task orchestration within the vendor's ecosystem.
  • [PROMPT_INJECTION]: The illustrative examples (inbox-triage.lobster and pr-intake.lobster) demonstrate an indirect prompt injection surface where external untrusted data is ingested and processed by an LLM tool.
  • Ingestion points: External data enters the context via gog.gmail.search (Gmail messages) and gh pr list (GitHub PR titles and bodies).
  • Boundary markers: The examples do not demonstrate the use of delimiters or specific "ignore embedded instructions" warnings to isolate untrusted content from the system prompts.
  • Capability inventory: The workflows include the ability to send messages via Slack and Telegram, and to perform automated actions on GitHub PRs (close, request changes).
  • Sanitization: No demonstration of sanitization or validation of the external content is present in the illustrative examples.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — clawflow