session-persistence
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified.
  1. Ingestion points: Reads conversation logs from ~/.openclaw/sessions and related directories.
  2. Boundary markers: No specific delimiters used when presenting search results to the agent.
  3. Capability inventory: Skill is restricted to local file and database operations; no network or subprocess access was detected.
  4. Sanitization: No instruction-filtering is applied to the recalled text before display.
- [SAFE]: Data processing is performed using secure methods, including parameterized SQL queries and safe YAML parsing. The use of cron is a declared platform feature used for its intended purpose of maintaining an up-to-date index.