organization
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
hiclawCLI andjqto retrieve worker and team information in JSON format. It relies on environment variables likeHICLAW_WORKER_CR_NAMEandHICLAW_WORKER_NAMEto filter queries. - [INDIRECT_PROMPT_INJECTION]: The skill accesses external task metadata files which represent a data ingestion surface.
- Ingestion points: Information is retrieved from
shared/tasks/{task-id}/meta.jsonspecifically for routing and room identification. - Boundary markers: No specific boundary markers are defined for the data read from the task files.
- Capability inventory: The skill includes shell command execution via the
hiclawCLI. - Sanitization: The instructions explicitly direct the agent to use the CLI as the source of truth and not to infer state from old chat history or task files, reducing the risk of processing stale or manipulated data.
Audit Metadata