loop-circuit-breaker
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by instructing the agent to carefully analyze error messages originating from potentially untrusted tools to diagnose loop root causes.
- Ingestion points: Untrusted tool inputs and error strings are passed to the check.py script as command-line arguments.
- Boundary markers: No delimiters or isolation instructions are provided to ensure the agent treats error content as untrusted data.
- Capability inventory: The skill maintains its own session state through local file writes to the ~/.openclaw directory.
- Sanitization: While tool signatures are hashed for identification, the raw error text is stored and presented back to the agent without sanitization or escaping.
Audit Metadata