openclaw-workspace-audit

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from workspace files which may influence agent behavior.
      • Ingestion points: Workspace files including AGENTS.md, SOUL.md, USER.md, TOOLS.md, IDENTITY.md, HEARTBEAT.md, BOOT.md, MEMORY.md, and the memory/ directory are read during the audit (SKILL.md).
      • Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are used when reading these files.
      • Capability inventory: Includes the edit tool for workspace file modification (SKILL.md Phase 6), file writing to memory/, and cron job creation.
      • Sanitization: Absent; the skill does not validate or sanitize ingested file content before processing.
  • [COMMAND_EXECUTION]: The skill uses high-privilege capabilities to manage the agent workspace and schedule tasks.
      • File Modification: Uses an edit tool to perform surgical edits on local configuration files during Phase 6.
      • Persistence Mechanism: Proposes the creation of a recurring cron job (workspace-audit:periodic) for scheduling future audits.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 17, 2026, 01:18 AM