openclaw
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data, creating an indirect prompt injection vulnerability.
- Ingestion points: Documentation is fetched from https://docs.openclaw.ai/llms.txt and subsequent topical documentation pages.
- Boundary markers: Absent; the sub-agent prompt template lacks delimiters (such as XML tags or triple quotes) or specific instructions to disregard embedded commands within the retrieved documentation content.
- Capability inventory: The skill utilizes the Task tool for sub-agent orchestration and recommends the use of WebFetch for retrieving remote web content.
- Sanitization: Absent; the skill does not incorporate steps for sanitizing, filtering, or validating documentation content before it is processed by the agent.
Audit Metadata