pipeline-analytics

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Dynamic Execution] (MEDIUM): The skill relies on translating natural language into DuckDB SQL queries. Generating and executing code at runtime poses a risk of SQL injection or unauthorized data access if the model generates queries outside of the intended workspace views.
  • [Indirect Prompt Injection] (LOW): The skill processes potentially untrusted data from CRM databases to generate reports, which could lead to injection if data content is treated as instructions.
      • Ingestion points: CRM database views and tables (v_leads, objects, entries).
      • Boundary markers: Absent; the skill does not specify delimiters or instructions to the agent to disregard instructions embedded within the database records.
      • Capability inventory: DuckDB query execution and file writing to the ~/.openclaw/workspace/reports/ directory.
      • Sanitization: Absent; raw database results are directly formatted into a JSON structure for Recharts rendering.
  • [Persistence Mechanisms] (LOW): The skill includes functionality for 'Cron Integration' to schedule automated reports. This utilizes the system's scheduling capabilities to execute agent actions periodically.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 02:52 PM