channel-context-bridge
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an automated context injection mechanism that is susceptible to indirect prompt injection.
  - Ingestion points: Session summaries are ingested from `state.yaml` and the output of `bridge.py --check` is intended for prompt injection.
  - Boundary markers: Absent. The `primer_sentence` logic in `bridge.py` does not use delimiters or explicit instructions to isolate the injected context from the agent's core instructions.
  - Capability inventory: The skill performs file writes to the workspace (`~/.openclaw/workspace/session-bridge/`) and maintains its own state files.
  - Sanitization: Absent. Content provided by the user or summarized from previous interactions is directly interpolated into the primer sentence without validation or escaping.
Audit Metadata