organization

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the hiclaw CLI and jq to retrieve worker and team information in JSON format. It relies on environment variables like HICLAW_WORKER_CR_NAME and HICLAW_WORKER_NAME to filter queries.
  • [INDIRECT_PROMPT_INJECTION]: The skill accesses external task metadata files which represent a data ingestion surface.
  • Ingestion points: Information is retrieved from shared/tasks/{task-id}/meta.json specifically for routing and room identification.
  • Boundary markers: No specific boundary markers are defined for the data read from the task files.
  • Capability inventory: The skill includes shell command execution via the hiclaw CLI.
  • Sanitization: The instructions explicitly direct the agent to use the CLI as the source of truth and not to infer state from old chat history or task files, reducing the risk of processing stale or manipulated data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 02:31 AM
Security Audit — agent-trust-hub — organization