tech-analysis-auntie

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. The skill ingests untrusted data from web_search and the output of local scripts to generate analysis reports.
      • Ingestion points: External data enters through the web_search tool and the stock-query.sh script results.
      • Boundary markers: No boundary markers or 'ignore' instructions are defined for processing the external content.
      • Capability inventory: The agent has the ability to execute local shell scripts and write to the filesystem.
      • Sanitization: There are no instructions to sanitize or escape external content before it is processed or written to disk.
  • [COMMAND_EXECUTION]: Risk of command injection through unsanitized shell interpolation. The skill instructs the agent to use echo and cat within a shell environment to save reports to /root/.openclaw/workspace/memory/. If malicious strings (e.g., shell metacharacters like backticks or semicolon) are present in the stock names or search results, they could be executed during the file-writing process.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 03:25 AM