cyrus-setup-claude-auth

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXFILTRATION]: The skill manages sensitive authentication credentials stored in ~/.cyrus/.env but implements strong security boundaries by using shell-level redirection and clipboard tools (pbpaste, xclip) to write secrets directly to disk without reading them into the conversation context.
  • [COMMAND_EXECUTION]: Shell commands like grep, printf, and uname are used to manage configuration files and detect environment settings. These operations are limited to the skill's stated purpose of environment setup and do not involve unauthorized execution.
  • [EXTERNAL_DOWNLOADS]: References official Anthropic documentation and console URLs (console.anthropic.com, docs.anthropic.com) which are trusted sources for retrieving credentials.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data via the clipboard (pbpaste/xclip).
      1. Ingestion points: Clipboard tools used in the Option 2 auth flow.
      2. Boundary markers: Explicit critical instructions in SKILL.md warning the agent to never read the environment file content.
      3. Capability inventory: printf, grep, and claude CLI commands across the setup steps.
      4. Sanitization: Use of printf format strings (printf '%s') ensures clipboard input is treated as a literal string rather than executable code.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 06:24 AM