coding-cli
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses shell commands to manage a workspace environment within the `/root/hiclaw-fs/` directory, including directory creation (`mkdir`), file copying (`cp`), and navigation (`cd`).
- [EXTERNAL_DOWNLOADS]: The skill employs `git clone` to fetch source code from external repositories as part of the workspace preparation process.
- [DATA_EXFILTRATION]: The skill uses the `mc mirror` command to synchronize data from the local filesystem to an external storage service defined by the `${HICLAW_STORAGE_PREFIX}` environment variable. This is used to share the workspace with the Manager component.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes task requirements from an external `spec.md` file and incorporates them into a prompt generated for downstream AI tools like Claude Code or Gemini CLI.
  - Ingestion points: The skill reads task instructions and coding requirements from a `spec.md` file.
  - Boundary markers: None identified; the generated prompt directly includes task requirements.
  - Capability inventory: The skill can execute shell commands, clone repositories, and synchronize files to remote storage.
  - Sanitization: There is no explicit validation or sanitization of the input task description before it is interpolated into the prompt for the CLI tool.