NYC

clipboard-manager

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): Unsafe shell interpolation in the Windows fallback mechanism.
    • Evidence: In scripts/clipboard_manager.py, the set_clipboard function uses an f-string to construct a PowerShell command: f'Set-Clipboard -Value "{text}"'. This string is then executed using subprocess.run.
    • Risk: If a user or an automated process provides input containing double quotes and command separators (e.g., "; calc; #), the shell will terminate the intended command and execute the injected payload.
  • [DATA_EXFILTRATION] (LOW): Arbitrary file system access via command-line arguments.
    • Evidence: The script implements --file for reading and --output for writing any file path accessible to the current user via the open() function.
    • Risk: While this is intended for clipboard management, it allows an agent to be manipulated into reading sensitive files (e.g., SSH keys, credentials) or writing malicious files to sensitive locations.
  • [PROMPT_INJECTION] (LOW): Indirect prompt injection surface through system clipboard ingestion.
    • Ingestion points: Untrusted data enters the agent context via the get_clipboard() function in scripts/clipboard_manager.py.
    • Boundary markers: Absent; the content is processed as raw text without delimiters or instructions to ignore embedded commands.
    • Capability inventory: The skill possesses command execution (subprocess.run) and file system manipulation (open) capabilities.
    • Sanitization: Absent; the script does not sanitize, escape, or validate the clipboard content or file paths before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:21 PM