incident-response
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies extensively on executing shell commands and scripts to perform its core functions.
- Evidence: Usage of
openclawCLI for detection, containment, and recovery. - Evidence: Integration examples using
bashandgroovy(Jenkins) for automated workflows, including command substitution like$(echo $output | jq .id). - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface as it ingests and processes untrusted external data.
- Ingestion points: The skill scans logs and metrics via the
/api/incident/detectendpoint and parses incident data using the--analyze-depthflag. - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands within logs/metrics are defined.
- Capability inventory: The skill has high-impact capabilities including resource containment (e.g., pausing Kubernetes pods) and system recovery (e.g., rollbacks).
- Sanitization: While the skill mentions validating JSON fields for required keys like
threshold, there is no evidence of sanitizing or escaping the actual content of the logs or incident data before it is processed by the agent. - [EXTERNAL_DOWNLOADS]: The skill references external integrations with well-known services.
- Evidence: Integration with PagerDuty (
pagerduty.com) and Prometheus for monitoring and notifications.
Audit Metadata