init-openclaw-agent

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill manages files that are directly injected into the agent prompt (such as AGENTS.md and SOUL.md), which represents an inherent surface for indirect prompt injection if untrusted data is written to these files.
    • Ingestion points: Workspace configuration files including AGENTS.md, SOUL.md, USER.md, and daily memory files located in the agent workspace root.
    • Boundary markers: The configuration instructions do not explicitly require or define boundary markers for the content within workspace files.
    • Capability inventory: The skill utilizes file writing, editing, and execution capabilities via the openclaw CLI and standard file tools.
    • Sanitization: No explicit sanitization or validation routines for the content added to workspace files are documented in the instructions.
  • [COMMAND_EXECUTION]: The skill provides instructions for executing the openclaw command-line interface to perform runtime diagnostics and configuration synchronization.
    • Evidence: Instructions call for the execution of commands such as 'openclaw doctor', 'openclaw status', and 'openclaw sandbox explain'.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 04:42 PM