openclaw-github-repo-commander
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external GitHub repositories.
- Ingestion points: Stage 1 involves cloning arbitrary GitHub repositories into the agent context for analysis.
- Boundary markers: The instructions do not define delimiters or specific 'ignore instructions' warnings when processing files from the cloned repositories.
- Capability inventory: The skill includes file modification (Stage 6) and network operations via the
ghCLI (Stage 7) to push updates. - Sanitization: There is no mention of sanitization or validation of the content read from external repositories before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill executes a local shell script
scripts/repo-audit.shin Stage 2 to automate repository checks. Executing scripts that process untrusted repository content (such as filenames or file content) can be a vector for command injection if the script does not properly handle malicious inputs.
Audit Metadata