agent-task-manager
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates data movement between agents (e.g., from 'ContractAuditor' to 'FinancialAnalyst'), creating a vulnerability surface for indirect prompt injection where malicious instructions in external inputs could influence downstream actions.
  - Ingestion points: Processed data fields such as contract addresses and safety scores described in the MoltFinance-Auditor example.
  - Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions to isolate data from agent prompts.
  - Capability inventory: Workflow orchestration via 'molt_task.py' and the 'cooldown.sh' execution wrapper.
  - Sanitization: There is no evidence of input validation or content filtering mentioned in the provided skill overview.
- [COMMAND_EXECUTION]: The skill utilizes internal Python and Shell scripts ('molt_task.py' and 'scripts/cooldown.sh') to manage task state and rate-limiting logic. These are vendor-owned resources from 'openclaw' and represent standard functionality for orchestration.
Audit Metadata