security-triage
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it instructs the agent to read and process external GitHub Security Advisory (GHSA) bodies.
- Ingestion points: Data is fetched via
gh api /repos/openclaw/openclaw/security-advisories/<GHSA>. - Boundary markers: No specific delimiters or safety instructions are used to isolate the advisory content from the agent's instructions.
- Capability inventory: The agent can execute shell commands including
git,gh,npm, andpbcopy(SKILL.md). - Sanitization: No sanitization or filtering of the external advisory body is performed before processing.
- [COMMAND_EXECUTION]: The skill utilizes several command-line tools to perform its intended tasks.
- Evidence: Uses
git(tag, show),gh(api, search), andnpm(view) to inspect the repository state and project metadata. - Evidence: Uses
pbcopyto facilitate copying the generated response to the user's system clipboard.
Audit Metadata