orchestrator
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way it handles and routes untrusted data payloads.
  - Ingestion points: Data enters the system via the `--payload` CLI argument, the `payload` JSON field in API requests, and external `config.json` files.
  - Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential commands embedded within the input payloads.
  - Capability inventory: The skill possesses the ability to execute CLI commands through the `openclaw` tool and initiate network requests via the Python `requests` library.
  - Sanitization: There is no evidence of input validation or sanitization before data is passed to other instances or processed by the system.
- [EXTERNAL_DOWNLOADS]: The skill documentation mandates the installation of an external software package.
  - Evidence: Users are instructed to perform `pip install openclaw-sdk` to enable skill functionality.
- [COMMAND_EXECUTION]: The skill relies on local command-line tools to perform its orchestration and delegation tasks.
  - Evidence: The documentation features several examples of using the `openclaw orchestrator` CLI for routing, fanout, and session management.
Audit Metadata