skills/seqis/openclaw-skills-converted-from-claude-code/agent-changes-workflow-coordinator/Gen Agent Trust Hub
agent-changes-workflow-coordinator
Fail
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill instructions include a command to copy a hidden file from the user's home directory (~/.claude/CLAUDE.md) into the project's documentation archive. This behavior accesses configuration data outside the project scope and exposes it to potentially shared project folders, which can lead to sensitive data exposure.- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform file system operations, specifically directory creation (mkdir -p) and file copying (cp) targeting user-level hidden directories.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality.
- Ingestion points: Reads and processes recent git commits and modified source files as described in Phase 1 of the Execution Workflow.
- Boundary markers: None. The instructions do not specify any delimiters or warnings to ignore instructions embedded in the analyzed code or commit messages.
- Capability inventory: The skill has access to Bash, Write, Edit, MultiEdit, and TodoWrite tools.
- Sanitization: No evidence of sanitization or validation of the content extracted from git history or file changes before it is used to generate or update documentation.
Recommendations
- AI detected serious security threats
Audit Metadata