clip-skills
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a structured template for document generation and does not contain any malicious code, obfuscation, or unauthorized data access patterns.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by processing untrusted user-pasted terminal output. While a potential risk, the impact is low as the agent only formats the content into a Markdown file.
- Ingestion points: User-provided text pasted from
bunx skillsoutput, as described in the Input section of SKILL.md. - Boundary markers: There are no explicit delimiters or instructions for the agent to ignore embedded commands within the processed data.
- Capability inventory: The skill utilizes file system write capabilities via the environment's preferred tools (e.g., Obsidian CLI) to create notes in the 03-Records/Snippets/Repos/ directory.
- Sanitization: The instructions include logic to compress descriptions into a single sentence, but no explicit sanitization or filtering of potentially malicious instructions within the input is specified.
Audit Metadata