clix-api-triggered-campaigns

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (LOW): The script 'scripts/validate-api-trigger-plan.sh' executes Python logic via a shell heredoc. This is a local utility used for JSON validation and does not involve remote code or unsafe dynamic execution.
  • [PROMPT_INJECTION] (LOW): The skill ingests and validates user-provided configuration files (api-trigger-plan.json). Evidence Chain: 1. Ingestion point: .clix/api-trigger-plan.json. 2. Boundary markers: None (implicitly bounded by JSON format). 3. Capability inventory: Local script execution for validation. 4. Sanitization: The validation script performs explicit type, regex (snake_case), and schema checks.
  • [SAFE] (SAFE): The skill correctly handles sensitive credentials by recommending the use of environment variables and secret managers, and it includes explicit warnings against hardcoding or committing secrets to source control.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:24 PM