Skills
skills/openclaw/skills/summarize/Gen Agent Trust Hub

summarize

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the summarize command-line utility to perform its primary function.
  • [EXTERNAL_DOWNLOADS]: The skill defines installation steps that download a binary from a third-party Homebrew repository (steipete/tap/summarize).
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it summarizes data from untrusted external sources.
  • Ingestion points: Untrusted data enters the context via URLs and file paths passed to the summarize command in SKILL.md.
  • Boundary markers: The skill lacks delimiters or instructions to ignore commands within the summarized content.
  • Capability inventory: The skill enables subprocess execution of the summarize binary as shown in the examples.
  • Sanitization: There is no evidence of sanitization or filtering of external content before it is processed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 10:46 AM