self-enhance
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by design. Ingestion points: It reads untrusted data from git commit logs and memory files. Boundary markers: The process lacks delimiters or instructions to ignore embedded commands in the source data. Capability inventory: The skill can modify core identity files (SOUL.md, AGENTS.md) and create new executable logic in the .claude/skills/ directory. Sanitization: No validation or sanitization is performed on the patterns extracted from untrusted data before they are applied as file edits.
- [COMMAND_EXECUTION]: The skill executes the
gitcommand to access repository logs and recommends using theopenclawCLI to establish a persistent scheduled task via cron. It also manages files in the{project}/.claude/skills/directory, which allows for the dynamic generation of new agent capabilities and logic.
Audit Metadata