last30days
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of retrieving and synthesizing untrusted data from various internet sources.
- Ingestion points: The skill ingests untrusted data from Reddit threads, X posts, and general web articles via web_search, reddit_search, bird search, and web_fetch (SKILL.md, SKILL-OC.md).
- Boundary markers: The output synthesis templates do not use specific delimiters or instructions to prevent the agent from executing commands that might be embedded in the retrieved content.
- Capability inventory: The skill incorporates network-access capabilities for searching and fetching article data from the web (SKILL.md).
- Sanitization: There is no mention of sanitization, filtering, or validation of external content before it is incorporated into the research reports.
- [COMMAND_EXECUTION]: The skill executes shell commands using the bird CLI tool to perform data retrieval from X/Twitter.
- [EXTERNAL_DOWNLOADS]: The skill depends on external resources, including the Brave Search API and the Bird CLI, for its primary functionality.
- [DATA_EXFILTRATION]: The skill performs network operations to well-known services such as Reddit, X, and the Brave Search API. It also references the local path ~/.openclaw/credentials/bird.env for environment configuration, which is a standard practice for tool authentication in this environment.
Audit Metadata