session-history
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by ingesting historical session data. * Ingestion points: The script
scripts/search_sessions.pyreads JSONL files from~/.openclaw/agents/*/sessions/. * Boundary markers: Absent; historical content is not wrapped in protective delimiters or accompanied by instructions to ignore embedded commands. * Capability inventory: The script performs local file reads; the agent using the skill may have broader system capabilities that could be targeted by instructions found in logs. * Sanitization: Absent; the script does not filter or sanitize message content extracted from session history logs.
Audit Metadata