clojure-eval
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
clj-nrepl-evalCLI tool to execute arbitrary Clojure code provided by the agent or user. This is the intended purpose of the skill for interactive development. - [REMOTE_CODE_EXECUTION]: By design, the skill allows code execution on a target nREPL server. While primarily targeting local instances, it can connect to any host and port specified.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because the agent processes output from the REPL server without sanitization. An attacker who controls the REPL server or the code being evaluated could inject instructions into the output to manipulate the agent.
- Ingestion points: The evaluation results returned by
clj-nrepl-evalinSKILL.md. - Boundary markers: None identified; REPL output is returned directly to the agent's context.
- Capability inventory: Execution of arbitrary Clojure code and network port discovery.
- Sanitization: No evidence of output filtering or validation before processing responses from the REPL.
Audit Metadata