The Agent Skills Directory

[COMMAND_EXECUTION]: The skill is designed to execute the clerk binary to perform administrative tasks, including user/session management, organization updates, and configuration synchronization via the shell.
[REMOTE_CODE_EXECUTION]: The skill fetches and executes the clerk CLI package dynamically using package runners like npx, bunx, pnpm dlx, or yarn dlx from the official npm registry.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
Ingestion points: Untrusted data enters the agent context via Clerk Backend API responses (e.g., user profiles, metadata) described in SKILL.md and references/recipes.md.
Boundary markers: No explicit boundary markers or 'ignore' instructions are provided for processed API data.
Capability inventory: The skill utilizes subprocess calls (the clerk CLI) and file writing capabilities (e.g., clerk env pull and output redirection).
Sanitization: There is no evidence of sanitization, validation, or filtering of content retrieved from the external API.
[DATA_EXFILTRATION]: The skill manages sensitive authentication credentials, including Backend API secret keys (sk_...) and Platform API keys (ak_...). It performs operations that write these secrets to local environment files (e.g., clerk env pull to .env.local).

clerk-cli