data-catalog
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill performs network operations to an external domain `api.opencclaw.com`. This domain is not recognized as a trusted organization or well-known service in the current security context.
- [COMMAND_EXECUTION]: The skill provides examples of using `subprocess.run` to call the `dcatalog` CLI tool. This demonstrates a capability for the agent to execute shell commands on the host system.
- [PROMPT_INJECTION]: The skill processes metadata and search queries from potentially untrusted sources, which constitutes an indirect prompt injection attack surface.
  - Ingestion points: Metadata registration (`dcatalog register --metadata`) and asset search (`dcatalog search --query`).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are defined in the skill documentation.
  - Capability inventory: The skill utilizes `subprocess.run` for CLI interactions and the `requests` library for network communication with external APIs.
  - Sanitization: While the documentation suggests validating JSON with `json.loads()`, there is no evidence of sanitization to prevent malicious instructions within the metadata strings from influencing the agent's logic.
Audit Metadata