joelclaw-web
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions include running system commands like `kubectl`, `tailscale`, and `launchctl` to gather status for a public monitoring page. These are necessary for the skill's stated purpose and are managed under specific security rules.
- [PROMPT_INJECTION]: The skill identifies an ingestion surface for indirect injection via processed content.
- Ingestion points: Data from Convex database and local MDX files.
- Boundary markers: No explicit delimiters for data interpolation are specified.
- Capability inventory: Access to the local monorepo filesystem, database upserts, and an internal revalidation API.
- Sanitization: Uses regex for specific structural formatting, but lacks general sanitization for embedded instructions.
- [DATA_EXFILTRATION]: To prevent exposure of infrastructure secrets, the skill mandates 'OPSEC Rules' that require aliasing hostnames and stripping sensitive identifiers (ports, IPs) before data is rendered publicly.
Audit Metadata