large-file-interceptor
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill functions by executing a local Python script, intercept.py, which handles file scanning, structural analysis, and data management. This is the primary mechanism for the skill's utility.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because the structural summaries and reference cards it generates include raw snippets of data from the files being analyzed. These snippets (e.g., JSON key-value pairs, log lines, or Markdown headings) are inserted directly into the agent's context.
  - Ingestion points: intercept.py reads data from files on the local filesystem during scan and summarize operations.
  - Boundary markers: While reference cards are delimited by [FILE REFERENCE: ref-XXX], they do not include instructions to the agent to disregard any commands or instructions contained within the summarized content.
  - Capability inventory: The skill possesses read access to the filesystem and write access to a local storage directory (~/.openclaw/lcm-files/), allowing it to duplicate and later restore large files.
  - Sanitization: No sanitization or escaping is applied to the content samples extracted from processed files before they are presented to the agent.
Audit Metadata