rei
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the agent to execute local shell scripts (
setup.sh,switch.sh, andrevert.sh) to modify the environment and model settings. - [DATA_EXPOSURE]: The skill interacts with the
~/.clawdbot/clawdbot.jsonfile, which is a sensitive configuration file used for storing provider details and potentially authentication tokens. - [EXTERNAL_DOWNLOADS]: The skill configures the agent to use the external API endpoint
https://coder.reilabs.org/v1. This is a service-specific endpoint associated with the model provider. - [PROMPT_INJECTION]: The skill documentation encourages a workflow where user-supplied API keys are passed directly to a shell script, creating an indirect prompt injection surface. Ingestion points: User-provided API key via agent prompt. Boundary markers: None provided in the instructions. Capability inventory: Execution of subprocesses via shell scripts. Sanitization: No evidence of input sanitization or validation is present in the markdown instructions.
Audit Metadata