adhd-body-doubling
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a local helper script
scripts/start-session.shused to initialize focus sessions. This script collects user input (tasks, energy levels) and generates a JSON history file. The script utilizes standard shell practices and includes ajson_escapefunction to ensure that user-provided strings are correctly formatted before being written to the data files.\n- [PROMPT_INJECTION]: The skill implements a session history feature (Category 8 surface) where past task descriptions are stored and can be reviewed by the agent to identify productivity patterns. \n - Ingestion points: Session history is read from
~/.openclaw/skills/adhd-body-doubling/history/when the user requests a history overview.\n - Boundary markers: The agent is guided by strict behavioral protocols defined in
SKILL.mdandreferences/protocols.mdwhich specify how history data should be processed.\n - Capability inventory: The agent can execute the provided local initialization script and read/write to the skill's specific history directory.\n
- Sanitization: User input is escaped via the
json_escapehelper in the shell script before persistence, reducing the risk of data being misinterpreted as commands or instructions.
Audit Metadata