consult-the-expert

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a local Python script (scripts/copy-to-clipboard.py) to interface with the macOS pbcopy utility. The script uses subprocess.run with a list of arguments and no shell expansion, which is a secure way to execute system commands.
  • [PROMPT_INJECTION]: The workflow uses a quoted heredoc (<<'__consult-the-expert-skill_EOF__') when passing the AI-generated message to the shell script. This is a critical security measure that ensures any special characters (like backticks or dollar signs) in the message are treated as literal text and cannot be used for command injection attacks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 11:27 AM
Security Audit — agent-trust-hub — consult-the-expert