cdd-master-chef
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using `git` and `ripgrep` (`rg`) to inspect repository status, manage branches, and search for file patterns. It also performs file system operations (read/write) within the workspace and the `~/.openclaw/` configuration directory.
- [DATA_EXFILTRATION]: The skill is designed to autonomously perform `git push` operations, which involves transmitting repository content to an upstream remote server as part of the software delivery loop.
- [EXTERNAL_DOWNLOADS]: The documentation references an installation script (`install-openclaw.sh`) used to provision a suite of related internal skills from the author's repository into the local environment.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its autonomous processing of untrusted repository data.
  - Ingestion points: The agent reads and acts upon instructions or data found in `TODO.md` files and source code retrieved via search tools.
  - Boundary markers: The skill utilizes a "Run config" block to manage execution settings, but it lacks strict delimiters for isolating untrusted file content during the implementation phase.
  - Capability inventory: The skill can execute shell commands, modify project files, and spawn subagents with delegated tasks.
  - Sanitization: The workflow incorporates a manual QA and UAT (User Acceptance Testing) step where the Master Chef agent reviews the Builder subagent's output before finalizing changes.
Audit Metadata