skills/tnnevol/skills/ding-agent/Gen Agent Trust Hub

ding-agent

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Node.js scripts (scripts/query-agents.cjs and scripts/resolve-session.cjs) to perform agent lookup and session management tasks.
  • [PROMPT_INJECTION]: The skill acts as a message relay between agents, creating an indirect prompt injection surface.
      • Ingestion points: User-supplied messages are captured as arguments in the contact action in SKILL.md.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are used when relaying the message.
      • Capability inventory: The skill uses the sessions_send tool to transmit the message to target agent sessions resolved from configuration.
      • Sanitization: The scripts do not perform validation or escaping of the user message before it is sent to the target agent.
  • [DATA_EXFILTRATION]: The skill reads the local ~/.openclaw/openclaw.json configuration file to extract agent IDs, account bindings, and workspace paths. While this is necessary for its core functionality, it represents an exposure of internal configuration metadata to the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 14, 2026, 12:50 PM