last30days
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
DATA_EXFILTRATION
PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses a sensitive local file path at `~/.openclaw/credentials/bird.env` to load environment variables for the Bird CLI tool. This is a legitimate requirement for the skill's primary purpose of searching X/Twitter and is clearly documented in the setup section.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and synthesizes content from untrusted third-party platforms (Reddit, X, and general web articles).
  - Ingestion points: The skill retrieves data using `web_search`, `web_fetch`, `reddit_search`, and `bird search` operations.
  - Boundary markers: The workflow does not define explicit delimiters or 'ignore' instructions to prevent the agent from following commands embedded within the retrieved research data.
  - Capability inventory: The skill possesses the ability to perform wide-ranging web searches and fetch full article content.
  - Sanitization: No explicit sanitization, filtering, or instruction-stripping of the external content is mentioned in the processing logic.
Audit Metadata