input-guard
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is designed to process untrusted external content and has the capability to perform side-effect actions like writing to the filesystem (taxonomy.json) and executing external reporting scripts. This creates a high-severity surface for indirect prompt injection, where an attacker could bypass detection to trigger unintended agent actions. * Ingestion points: Untrusted text is passed to scripts/scan.py via CLI or stdin. * Boundary markers: Absent. * Capability inventory: Subprocess.run in evals/run.py, requests.get in get_taxonomy.py, and file-write to taxonomy.json. * Sanitization: Relies on internal pattern and LLM detection logic.
- COMMAND_EXECUTION (MEDIUM): The 'report-to-molthreats.sh' script executes an external Python script ('molthreats.py') using a path derived from environment variables like 'OPENCLAW_WORKSPACE' or 'MOLTHREATS_SCRIPT'. This introduces a risk where a compromised environment can lead to arbitrary code execution by redirecting the script path.
- EXTERNAL_DOWNLOADS (LOW): The 'get_taxonomy.py' script performs network requests to 'api.promptintel.novahunting.ai' to fetch and refresh its threat taxonomy. Although functional for its security purpose, this represents an external dependency on a non-whitelisted domain.
Recommendations
- AI detected serious security threats
Audit Metadata