clerk-cli
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown documentation and reference files, with no bundled scripts or executables.
- [EXTERNAL_DOWNLOADS]: The instructions guide the agent to fetch and update the official clerk CLI from public registries using standard runners like npx, bunx, pnpm, and yarn.
- [COMMAND_EXECUTION]: The skill enables the agent to run CLI commands for Clerk resource management. It incorporates safety measures such as recommending --dry-run for all mutations and requiring --yes for destructive actions in non-interactive mode.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it processes external data from the Clerk API. Ingestion points: Data enters the agent context through clerk api and clerk users list commands. Boundary markers: No explicit delimiters or safety instructions are defined for processing the returned JSON data. Capability inventory: The skill has the ability to modify instance configurations and delete resources via authenticated API calls. Sanitization: There is no description of sanitization or validation of API response content before processing.
Audit Metadata