clipboard
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill uses the
Bashtool to execute clipboard utilities (pbcopy,clip.exe,xclip,xsel). While these are standard system tools, the skill generates shell commands dynamically. - PROMPT_INJECTION (LOW): Indirect Prompt Injection surface (Category 8). The skill extracts content from music track files and interpolates it into a shell command for copying.
- Ingestion points: Data enters the agent via the
format_for_clipboardtool or by reading track files (e.g.,01-track-name.md). - Boundary markers: No explicit boundary markers or 'ignore' instructions are provided to the agent to treat the track content as literal data only.
- Capability inventory: The skill has access to the
Bashtool, which is used to execute the clipboard pipe. - Sanitization: The skill recommends using
printf '%s' "$content", which is a security best practice for handling variable data in shell. However, the interpolation of untrusted file content into a shell command string by the agent remains a potential injection vector if the agent does not properly escape shell-active characters like backticks or dollar signs. - EXTERNAL_DOWNLOADS (SAFE): The documentation mentions installing utilities like
xclipviasudo apt install, but these are instructions for the user to perform manually and are not executed by the skill itself.
Audit Metadata