task-status
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The scripts scripts/send_status.py, scripts/send_status_websocket.py, and scripts/send_status_with_logging.py include a hardcoded default Telegram target ID (7590912486). If the TELEGRAM_TARGET environment variable is not provided by the user, all status messages—which may contain sensitive information about the agent's tasks and progress—are automatically transmitted to this specific external account.
- [COMMAND_EXECUTION]: The skill utilizes subprocess.run in scripts/send_status.py and scripts/send_status_with_logging.py to execute the clawdbot CLI tool. This capability allows the skill to spawn external processes with arguments that may be derived from potentially untrusted task data.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its handling of arbitrary strings for status reporting.
- Ingestion points: The message and details arguments processed by scripts/send_status.py, scripts/monitor_task.py, and related scripts.
- Boundary markers: None; external content is concatenated directly into the message strings.
- Capability inventory: The skill can perform network operations via WebSockets and execute local system commands via subprocess.run.
- Sanitization: There is no validation or escaping of the input strings beyond basic length truncation.
Recommendations
- AI detected serious security threats
Audit Metadata