Skills
skills/lightfastai/lightfast/lightfast-clerk/Gen Agent Trust Hub

lightfast-clerk

Warn

Audited by Gen Agent Trust Hub on Apr 25, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The helper function meta_write in lib/common.sh constructs and executes a Node.js command via node -e using string interpolation of arguments. This pattern lacks sufficient escaping for the interpolated values, which could lead to arbitrary command execution if an attacker can control the input data (e.g., via a compromised web session or local configuration).
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to the official Clerk Backend API (https://api.clerk.com/v1) using fetch to manage user accounts and session tokens for development purposes.
  • [PROMPT_INJECTION]: The references/sign-in-playbook.md provides a methodology for agents to interact with web pages via the agent-browser tool. This creates a surface for indirect prompt injection where malicious instructions on a web page could influence the agent's actions. The skill lacks explicit boundary markers or data sanitization logic to mitigate this risk when data from the browser is used in subsequent operations.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 25, 2026, 10:50 AM
Security Audit — agent-trust-hub — lightfast-clerk