clerk-android
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it is designed to read and process untrusted data from the user's project environment. Ingestion points: The skill instructions specify reading project files such as build.gradle, AndroidManifest.xml, and source code files to determine implementation details (SKILL.md). Boundary markers: There are no explicit delimiters or instructions to ignore embedded commands within the processed data. Capability inventory: The skill has the capability to modify project files and perform network requests via the WebFetch tool to retrieve documentation (SKILL.md). Sanitization: While no automated sanitization is described, the skill enforces an Interaction Contract that requires the agent to obtain explicit user confirmation before modifying project files.
- [SAFE]: The skill avoids hardcoding sensitive credentials and correctly identifies the Clerk publishable key as a user-supplied input. All referenced external resources and dependencies belong to the official vendor infrastructure (clerk.com and github.com/clerk).
Audit Metadata