subagent_manager

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill exhibits a surface for Indirect Prompt Injection (Category 8) due to its core delegation logic.
      • Ingestion points: User tasks are received in the primary agent context and passed directly to the sessions_spawn tool as seen in SKILL.md (Step 2).
      • Boundary markers: There are no explicit delimiters or instructions to the sub-agent to ignore potential instructions embedded within the user-provided task string.
      • Capability inventory: The skill has the capability to spawn new sessions (sessions_spawn), list active sessions (sessions_list), and read execution histories (sessions_history).
      • Sanitization: No sanitization, escaping, or validation of the user input is performed before it is interpolated into the sub-agent's task description.
  • COMMAND_EXECUTION (SAFE): The skill references CLI-style commands (sessions_list, sessions_history) for monitoring progress. These appear to be internal platform tools for the OpenClaw environment and are used according to the skill's primary management purpose.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 04:58 PM