coding-agent

Fail

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides explicit instructions for running tools in non-sandboxed modes. It promotes the use of the --yolo flag for the Codex CLI, which is described as having 'NO sandbox, NO approvals'. It also documents an elevated: true parameter for the bash tool, which would allow code to run directly on the host system rather than in a restricted environment.
  • [PROMPT_INJECTION]: The skill is highly susceptible to indirect prompt injection (Category 8). It is designed to ingest and process untrusted external data via git clone and gh pr checkout to review pull requests.
      • Ingestion points: External Git repositories and GitHub Pull Requests (SKILL.md).
      • Boundary markers: No delimiters or instructions to ignore embedded malicious prompts within the code or PR descriptions are provided.
      • Capability inventory: The skill has access to the full bash tool, file system write access, and the ability to execute additional sub-agents.
      • Sanitization: There is no evidence of sanitization or validation of the external content before processing.
  • [EXTERNAL_DOWNLOADS]: The skill encourages the installation and execution of external packages and code, such as @mariozechner/pi-coding-agent via npm install, and cloning arbitrary repositories from GitHub for review and modification.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 18, 2026, 12:42 PM