xianyu_manage
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the bash tool to execute the
src.cliPython module located in/home/node/.openclaw/workspaceto perform administrative tasks on Xianyu products. - [PROMPT_INJECTION]: An indirect prompt injection surface is present where user-supplied inputs are used to construct shell commands. * Ingestion points: Parameters such as product_id, price, and reason provided by the user are interpolated into bash commands in SKILL.md. * Boundary markers: No delimiters or safety instructions are used to separate user data from the command structure. * Capability inventory: The skill possesses the capability to execute shell commands via the bash tool. * Sanitization: There is no evidence of validation or escaping of user input, which could allow a malicious user to append additional commands.
Audit Metadata