video-stickfigure
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a shell command template for image generation: `python ~/.openclaw/skills/image-service/scripts/text_to_image.py "[prompt]"`. The `[prompt]` variable is constructed using user-controlled descriptions. Since the template uses double quotes in a shell context without explicit instructions for sanitization, a user could potentially inject shell metacharacters (e.g., closing the quote and adding additional commands) to execute arbitrary code on the host system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It uses a formula to assemble prompts where user-provided 'action descriptions' and 'atmosphere elements' are directly interpolated into the template. An attacker could provide malicious descriptions designed to bypass the safety filters or instructions of the downstream `image-service` model.
  - Ingestion points: User-supplied action and atmosphere descriptions in `SKILL.md`.
  - Boundary markers: None. User input is directly concatenated into the final prompt string.
  - Capability inventory: Shell command execution (`python`, `ls`, `awk`), local file system access (read/write for image processing), and Python script execution (via heredoc) in `SKILL.md`.
  - Sanitization: No sanitization, escaping, or validation steps are defined for user-provided strings before they are processed by the agent.
Audit Metadata