gateway
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill parses operator directives from external chat messages (KEEP, MORE, LESS, STOP, START), which presents an interface for influencing agent behavior via external input.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: Ingests untrusted data from Telegram, Discord, iMessage, Slack, Inngest events, and Webhooks (documented in SKILL.md).
  - Boundary markers: Uses 'strict syntax' for certain commands but lacks explicit delimiters for general message processing; documentation warns of 'bad hidden context-refresh injection'.
  - Capability inventory: Can execute CLI commands (joelclaw), interact with Kubernetes (kubectl), manage Docker (colima), and verify Vercel deployments (vercel).
  - Sanitization: Relies on manual scoping and warnings; documentation acknowledges that malicious instructions have previously caused 'voice/livekit notes bleeding into the gateway transcript'.
- [COMMAND_EXECUTION]: The skill executes administrative commands (joelclaw, kubectl, colima, vercel) to manage infrastructure and service states on the local system and connected cloud services.
Audit Metadata