metals-agent-teneo

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill setup requires installing the @teneo-protocol/sdk package from npm. This package and its associated GitHub organization (TeneoProtocolAI) are not part of the trusted external sources list, making it an unverifiable dependency.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection because it ingests and displays data from an external WebSocket.
      • Ingestion points: Data retrieved via sdk.sendMessage in SKILL.md.
      • Boundary markers: None provided in the usage examples.
      • Capability inventory: Performs network read operations via WebSockets.
      • Sanitization: No sanitization or validation of the remote content is shown before it is passed to the agent context.
  • [DATA_EXFILTRATION] (SAFE): No evidence of sensitive local file access or unauthorized data transmission. Network communication is limited to the documented WebSocket endpoint.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 02:30 PM