openclaw-release-maintainer
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the repository which creates a surface for indirect prompt injection.\n
- Ingestion points: The skill reads the
CHANGELOG.mdfile to generate release notes for GitHub releases.\n - Boundary markers: The instructions do not specify any delimiters or safety prompts to prevent the agent from following instructions embedded within the changelog content.\n
- Capability inventory: The agent is instructed to execute multiple shell commands (
pnpm build,pnpm test:install:smoke, etc.), perform Git operations (tagging), and interact with GitHub APIs to create releases.\n - Sanitization: No sanitization or validation of the input from
CHANGELOG.mdis mentioned before it is processed by the agent.\n- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute several shell commands and local scripts for building, checking, and verifying the release.\n - Evidence: Commands include
pnpm build,pnpm ui:build,pnpm release:check,pnpm test:install:smoke,node --import tsx scripts/openclaw-npm-postpublish-verify.ts,scripts/package-mac-dist.sh, andscripts/make_appcast.sh.\n - Context: These commands are part of the legitimate release and validation process but provide the skill with significant local execution capabilities.
Audit Metadata