guidance
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell scripts to perform environment discovery. It executes commands such as `which`, `find`, `sed`, and `dirname` to identify the CoPaw binary path and locate documentation directories.
- [DATA_EXPOSURE]: The skill is designed to read the content of local Markdown files (using `cat` or a file reader) to extract information for the user. While this involves reading local data, the operations are scoped to documentation directories and characteristic filenames like `faq.en.md`.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads and processes external data from the local filesystem.
  - Ingestion points: Local Markdown files in documentation directories (e.g., `~/.copaw/memory/docs`, `website/public/docs/`).
  - Boundary markers: None present; the skill reads file content directly to generate answers.
  - Capability inventory: Shell command execution (`find`, `which`, `sed`) and file reading capabilities.
  - Sanitization: No content validation or sanitization is performed on the retrieved documentation text before processing.
Audit Metadata