clix-user-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill demonstrates a surface for indirect prompt injection as it processes user-provided configuration files to define execution plans.
  - Ingestion points: The skill reads `.clix/user-plan.json` or `user-plan.json` via the `validate-user-plan.sh` script.
  - Boundary markers: Absent; the agent is instructed to use the plan directly for implementation workflow.
  - Capability inventory: The skill executes local shell scripts and Python/Node code to validate schemas and manage user property logic.
  - Sanitization: The validation script (`validate-user-plan.sh`) enforces a strict JSON schema, primitive type checks, and regex validation for property keys to prevent arbitrary instruction injection through the schema keys.
- Dynamic Execution (SAFE): The skill uses a Python heredoc within a bash script for validation. Since the Python code is static and only parameters (file paths) are dynamic, this does not constitute unsafe dynamic code generation from untrusted sources.
- Data Exposure (SAFE): No patterns of hardcoded credentials, sensitive file access (e.g., SSH keys), or network exfiltration were identified.
Audit Metadata