stock-log-viewer
Warn
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `stock-log.sh` script is vulnerable to command injection in the `show_latest` function. It performs arithmetic expansion `$((...))` on the unvalidated `$n` argument provided via the CLI, which allows for the execution of subshells or arbitrary commands via payloads like `$(command)`.
- [COMMAND_EXECUTION]: Multiple functions, including `search_by_date`, `search_by_stock`, and `search_keyword`, pass user-influenced variables directly into shell commands and subshells within double quotes. This allows for arbitrary command execution through shell expansion if an attacker provides a malicious keyword or date.
- [DATA_EXFILTRATION]: The lack of input sanitization in the `grep` search functions facilitates argument injection. A malicious user could provide additional flags (e.g., `-f`) or extra file paths to manipulate the command into reading and displaying sensitive system files instead of the intended stock logs.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it reads data from `stock-analysis-log.md`, a file that aggregates external analysis data. Malicious instructions embedded in stock data could influence the agent's behavior when the log is retrieved.
- Ingestion points: `/root/.openclaw/workspace/memory/stock-analysis-log.md`
- Boundary markers: Absent in the script output.
- Capability inventory: Shell script execution (`grep`, `cat`, `tail`, `head`).
- Sanitization: Absent; the script outputs raw file content to the console.
Audit Metadata