agent-protocol
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The subscribe.py script executes arbitrary local scripts as event handlers via subprocess.run. While this facilitates the skill's primary function as an orchestration engine, it establishes a high-risk capability that could be abused if the configuration files or handler scripts are compromised.
- [PROMPT_INJECTION] (LOW): The architecture relies on variable substitution ({{payload.field}}) to pass event data to other agents, creating a surface for Indirect Prompt Injection.
  - Ingestion points: Event queue files at ~/.clawdbot/events/queue/*.json.
  - Boundary markers: Absent; the system uses direct template interpolation.
  - Capability inventory: Subprocess execution of handlers and agents.
  - Sanitization: None; payloads are used raw without escaping or validation.
- [DATA_EXFILTRATION] (SAFE): No hardcoded credentials, sensitive file access outside of the skill's own data directory, or unauthorized network activity was detected in the provided code.
Audit Metadata