security-triage

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to read and process external GitHub Security Advisory (GHSA) bodies.
  • Ingestion points: Data is fetched via gh api /repos/openclaw/openclaw/security-advisories/<GHSA>.
  • Boundary markers: No specific delimiters or safety instructions are used to isolate the advisory content from the agent's instructions.
  • Capability inventory: The agent can execute shell commands including git, gh, npm, and pbcopy (SKILL.md).
  • Sanitization: No sanitization or filtering of the external advisory body is performed before processing.
  • [COMMAND_EXECUTION]: The skill utilizes several command-line tools to perform its intended tasks.
  • Evidence: Uses git (tag, show), gh (api, search), and npm (view) to inspect the repository state and project metadata.
  • Evidence: Uses pbcopy to facilitate copying the generated response to the user's system clipboard.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — security-triage