clix-personalization
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- COMMAND_EXECUTION (LOW): The skill provides a shell script
scripts/validate-template.shto check Liquid syntax. While it executes commands, it uses standard UNIX tools (awk,grep) locally to perform brace counting and stack-based tag validation. It does not perform network operations or access sensitive system files. - INDIRECT_PROMPT_INJECTION (LOW): The skill processes user-provided Liquid templates. While these templates contain logic (
if,for), they are used for generating marketing content strings within the Clix platform. There is a low risk that an attacker-controlled template could influence the agent's summary of that template, but the skill includes explicit workflow steps to identify and validate input sources, which mitigates risk.
Audit Metadata