paperclip-board

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs its operations by executing curl commands via a bash shell. This is used for all API interactions, including creating agents, updating tasks, and fetching dashboards.
  • [EXTERNAL_DOWNLOADS]: The skill fetches data and configuration files from the Paperclip API (defined by the PAPERCLIP_API_URL environment variable). This includes agent definitions, icon lists, and document content.
  • [DATA_EXPOSURE]: The skill accesses the PAPERCLIP_API_KEY and PAPERCLIP_API_URL environment variables to authenticate and route its requests. This is standard behavior for a CLI-based management tool.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it reads and summarizes data from the API (such as 'Board Operations' logs and task comments) which could contain untrusted input. However, the instructions focus on summarization and there is no evidence of unsafe interpolation that would lead to immediate compromise.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 02:13 AM
Security Audit — agent-trust-hub — paperclip-board