clawtributor
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches skill components and updates from the official prompt-security GitHub repository. The installation process performs rigorous security checks, including SHA256 checksum verification, artifact size limits to prevent Denial of Service, and zip-bomb/path-traversal protection.
- [COMMAND_EXECUTION]: Utilizes system binaries like curl, jq, and gh to manage its lifecycle and perform reporting. Commands are executed with secure patterns, such as using single-quoted heredocs to prevent shell interpolation.
- [DATA_EXFILTRATION]: Facilitates the submission of security incident reports to a centralized vendor-managed repository. This behavior is the primary intended function of the skill, requires explicit user consent for every submission, and follows documented privacy guidelines to avoid sharing sensitive data.
- [PROMPT_INJECTION]: The skill processes external data regarding security incidents, presenting a potential surface for indirect prompt injection.
  - Ingestion points: Incident data gathered by the agent for report generation in SKILL.md and reporting.md.
  - Boundary markers: Documentation provides clear instructions on data sanitization and "DO NOT include" lists for sensitive information.
  - Capability inventory: The skill has the ability to write local files and perform network requests via the GitHub CLI (gh).
  - Sanitization: Implements secure shell scripting practices, specifically using literal heredocs to ensure untrusted content is not executed during file writing.