emotion-journal
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and writes natural language data (summaries and profile notes) that are later used to provide context for the agent. This allows information from a previous session to influence the agent's behavior in future sessions.
- Ingestion points: Reads historical data from
entries/YYYYMMDD.jsonandprofile-notes.mdinSKILL.md. - Boundary markers: None identified. There are no delimiters or instructions provided to help the agent distinguish between stored data and active instructions.
- Capability inventory: The skill performs file read and write operations on the local file system within the
~/.openclaw/workspaces/companion/journal/directory. - Sanitization: No sanitization, escaping, or validation of the natural language content is described in the provided interface definitions.
Audit Metadata