paperclip-page

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The publish.sh script executes the aws CLI for S3 synchronization and curl for verifying the live status of the published URL. These are standard operations for a deployment tool and are implemented with proper input validation and shell quoting.
  • [DATA_EXFILTRATION]: While the skill's purpose is to transmit data to an external S3 bucket, it includes significant safeguards to prevent data exfiltration of sensitive material. The assert_safe_source_tree function in scripts/publish.sh uses find to detect and block the inclusion of hidden files or directories (dot-files) and symbolic links. This prevents the accidental upload of credentials or system configuration files.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes a user-provided local directory. However, this is well-mitigated by strict constraints: it requires a root index.html, forbids hidden files, and validates URL slugs against a strict alphanumeric regex. These measures prevent the inclusion of malicious control files or path traversal attempts.
  • Ingestion points: Files within the user-specified source directory provided to publish.sh (SKILL.md, scripts/publish.sh).
  • Boundary markers: The script explicitly prunes and excludes its own state directory (.paperclip-page) and blocks all other hidden files.
  • Capability inventory: File system read access, network access via aws s3 sync, and HTTP HEAD requests via curl (scripts/publish.sh).
  • Sanitization: Slugs are normalized and validated against a restrictive regex; source tree is scanned for symlinks and hidden files prior to execution (scripts/publish.sh).
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 09:37 PM
Security Audit — agent-trust-hub — paperclip-page