clipboard
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands such as
pbcopy,cat, andrmto manage the system clipboard and temporary files. - [COMMAND_EXECUTION]: It uses
swift -eto execute a script that interfaces with the macOS AppKit framework for rich text support. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it processes potentially untrusted text from the conversation and interpolates it into shell commands.
- Ingestion points: Conversation text blocks are used as input for clipboard commands (SKILL.md).
- Boundary markers: The skill explicitly instructs the agent to use single-quoted heredoc delimiters (e.g.,
'CLIPBOARD'), which prevents the shell from expanding variables or executing commands within the content. - Capability inventory: Local command execution, file system writes to
/tmp, and macOS system clipboard access (SKILL.md). - Sanitization: Relies on the host shell's single-quoted heredoc mechanism to treat user content as literal data.
Audit Metadata