clerk-setup
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches setup instructions and configuration from official Clerk documentation hosted at clerk.com.
- [COMMAND_EXECUTION]: The skill provides instructions for installing Clerk-specific Node.js packages and configuring environment variables via standard CLI tools based on the documentation content.
- [PROMPT_INJECTION]: The skill uses external documentation content to drive agent behavior for project setup, which represents an indirect prompt injection surface from the vendor's official domain. 1. Ingestion points: WebFetch retrieval from official clerk.com documentation paths. 2. Boundary markers: No specific delimiters or "ignore instructions" warnings are applied to the fetched content before processing. 3. Capability inventory: The skill allows for npm installations, file system writes, and environment variable configuration. 4. Sanitization: The skill relies on the inherent trust of the vendor's official documentation and does not perform independent sanitization of the fetched instructions.
Audit Metadata