openclaw-handoff
Pass
Audited by Gen Agent Trust Hub on Jul 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes platform-specific clipboard utilities such as pbcopy, wl-copy, xclip, and clip.exe. It proactively includes security instructions to avoid inline shell quoting when handling user text, recommending the use of temporary files or pipes to prevent command injection vulnerabilities.
- [PROMPT_INJECTION]: The skill functions as a template generator that ingests untrusted data from the repository environment and user input. To mitigate indirect prompt injection risks and data exposure, it enforces strict rules against the use of absolute file paths and mandates the use of portable anchors such as repository symbols and issue URLs.
Audit Metadata