collaboration-helper

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Finding: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it processes and displays content that may be influenced by untrusted external sources.
  • Ingestion points: The script scripts/collaboration_helper.py reads task data from data/tasks.json or an arbitrary path provided via the --data or --workspace arguments.
  • Boundary markers: Task metadata (titles, notes, owners) is displayed to the agent without delimiters or instructions to ignore embedded commands, which may lead the agent to follow instructions hidden within the task data.
  • Capability inventory: The skill has the capability to read and write JSON files to the local filesystem. The ability to specify arbitrary paths for the data file increases the surface area for unauthorized file access if the agent is manipulated.
  • Sanitization: The implementation in scripts/collaboration_helper.py performs no sanitization, escaping, or validation on the strings provided for the title, owner, or note fields before they are persisted or output to the console.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 5, 2026, 05:56 PM