coding
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill transmits code snippets and API keys to the api.openclaw.ai domain for analysis.
- [COMMAND_EXECUTION]: The skill utilizes a local CLI tool (openclaw) to analyze code quality and enforce programming standards.
- [PROMPT_INJECTION]: The skill's ingestion of external code snippets and diffs creates a surface for indirect prompt injection. 1. Ingestion points: Code payloads in API requests and file inputs (input.txt) for the CLI. 2. Boundary markers: No delimiters or ignore-instructions are used to isolate user data. 3. Capability inventory: Performs network requests (requests.post) and executes local commands (openclaw CLI). 4. Sanitization: No sanitization of the input code is described.
Audit Metadata