automation-workflows
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill enables the dynamic execution of custom JavaScript snippets (e.g., return data.map(...)) for data transformation, which are defined within workflow configuration files.
- [COMMAND_EXECUTION]: The skill utilizes a custom CLI tool (claw) for workflow management and suggests the use of system cron for task scheduling, which involves modifying system-level task configurations.
- [EXTERNAL_DOWNLOADS]: The skill communicates with the vendor's API at api.openclaw.com and supports the configuration of outbound webhooks to interact with external services.
- [PROMPT_INJECTION]: The skill identifies an attack surface for indirect prompt injection by processing external data from untrusted sources.
  - Ingestion points: Untrusted data enters the agent context via HTTP POST triggers and webhook integrations (e.g., GitHub events) described in SKILL.md.
  - Boundary markers: No specific boundary markers or 'ignore' instructions are defined to isolate untrusted payload data from the processing logic.
  - Capability inventory: The skill is capable of executing JavaScript snippets, invoking CLI commands via the claw tool, and performing network operations using the Python requests library.
  - Sanitization: There is no documentation regarding the sanitization or validation of ingested payloads before they are passed to transformation functions or outbound webhooks.
Audit Metadata