clawdbot-workspace-template-review
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes content from untrusted workspace files, which acts as a potential surface for indirect prompt injection.
  - Ingestion points: The skill reads local files like AGENTS.md, SOUL.md, USER.md, IDENTITY.md, TOOLS.md, and HEARTBEAT.md.
  - Boundary markers: No delimiters or isolation warnings are used to separate the content of these files from the agent's instructions.
  - Capability inventory: Employs standard system utilities (ls, sed, diff) to perform read-only operations for file comparison. No network access or file-writing capabilities were detected.
  - Sanitization: File sections are presented verbatim to the agent without any sanitization or validation of the content.
Audit Metadata