Skills
skills/zulabmm/stashthis-agent-skill/stashthis-agent/Gen Agent Trust Hub

stashthis-agent

Pass

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: SAFEPROMPT_INJECTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (LOW): The skill is designed to ingest external content from the web and generate AI commentary, which creates a surface for Indirect Prompt Injection.
  • Ingestion points: Webhooks described in SKILL.md and content retrieved via scripts/stash.sh and scripts/stash-sync.sh.
  • Boundary markers: Absent. The agent is not instructed to use delimiters or ignore instructions embedded in the stashed content.
  • Capability inventory: The agent has the ability to modify its own configuration (openclaw.json), write files to the workspace, and communicate with external APIs.
  • Sanitization: No sanitization logic is present to filter malicious instructions from stashed content before it is processed by the LLM.
  • CREDENTIALS_UNSAFE (LOW): The installation instructions in SKILL.md (Step 1) and the helper scripts store and retrieve the STASH_API_KEY from a plaintext file at .secrets/stash.env.
  • EXTERNAL_DOWNLOADS (LOW): Both shell scripts communicate with https://stashthis.app/api/v1. While this is the intended service, the domain is not among the pre-approved trusted sources.
  • COMMAND_EXECUTION (SAFE): The provided scripts use standard tools like curl and jq to interact with the API. While they dynamically load environment variables using source, the paths are restricted to the skill and workspace directories.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 21, 2026, 05:28 PM