openclaw-release-maintainer

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill processes untrusted data from the repository which creates a surface for indirect prompt injection.\n
  • Ingestion points: The skill reads the CHANGELOG.md file to generate release notes for GitHub releases.\n
  • Boundary markers: The instructions do not specify any delimiters or safety prompts to prevent the agent from following instructions embedded within the changelog content.\n
  • Capability inventory: The agent is instructed to execute multiple shell commands (pnpm build, pnpm test:install:smoke, etc.), perform Git operations (tagging), and interact with GitHub APIs to create releases.\n
  • Sanitization: No sanitization or validation of the input from CHANGELOG.md is mentioned before it is processed by the agent.\n- [COMMAND_EXECUTION]: The skill instructions direct the agent to execute several shell commands and local scripts for building, checking, and verifying the release.\n
  • Evidence: Commands include pnpm build, pnpm ui:build, pnpm release:check, pnpm test:install:smoke, node --import tsx scripts/openclaw-npm-postpublish-verify.ts, scripts/package-mac-dist.sh, and scripts/make_appcast.sh.\n
  • Context: These commands are part of the legitimate release and validation process but provide the skill with significant local execution capabilities.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — openclaw-release-maintainer