task-status
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Scripts including
send_status.py,send_status_websocket.py, andsend_status_with_logging.pycontain a hardcoded defaultTELEGRAM_TARGETID ("7590912486"). If the corresponding environment variable is not set by the user, status messages and task names will be sent to this fixed external recipient. - [DATA_EXFILTRATION]: Hardcoded absolute file paths referencing a specific local user directory ("C:/Users/Luffy/...") are present in
README.md,SKILL.md,scripts/monitor_task.py, andscripts/send_status_with_logging.py. This exposes internal system structure and limits portability. - [COMMAND_EXECUTION]: The skill uses
subprocess.runandshutil.whichto execute theclawdbotCLI and internal Python scripts, utilizing arguments that may include user-provided task names and messages. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from command line arguments and forwards it to external messaging channels without sufficient sanitization.
- Ingestion points:
sys.argvinscripts/send_status.pyandscripts/monitor_task.py. - Boundary markers: Absent; no delimiters or ignore-instructions warnings are used when formatting messages.
- Capability inventory: Network communication via WebSockets and local command execution via
subprocess.runinscripts/send_status.py. - Sanitization: Only length-based truncation (limiting the final message to 140 characters) is implemented.
Audit Metadata