arch
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [NO_CODE]: The skill contains only markdown-based documentation and instructions, with no accompanying scripts or executable files.
- [PROMPT_INJECTION]: The skill identifies a surface for indirect prompt injection through the processing of untrusted architectural requirements. 1. Ingestion points: External files like design.json and adr-input.json. 2. Boundary markers: No delimiters or ignore-instructions warnings are defined. 3. Capability inventory: Execution of openclaw CLI subcommands, network requests to api.openclaw.ai via curl, and file output redirection. 4. Sanitization: No input validation or sanitization steps are documented.
- [COMMAND_EXECUTION]: The skill documentation details the standard usage of the openclaw CLI tool for system design and decision record management.
- [CREDENTIALS_UNSAFE]: The documentation demonstrates a safe approach to authentication by using the $OPENCLAW_API_KEY environment variable rather than hardcoded secrets.
Audit Metadata