clipboard
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled shell script
scripts/clip.shto interface with the system clipboard. While the script uses standard utilities (pbcopy, xclip, etc.) and handles input safely usingprintf, the execution of local scripts is a primary capability of the skill. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. If an attacker places malicious instructions on the user's clipboard and the agent is instructed to read the clipboard, the agent may inadvertently execute those instructions.
- Ingestion points: Data enters the agent's context through the
readaction inscripts/clip.sh, which outputs the system clipboard content to stdout. - Boundary markers: The
SKILL.mddoes not specify any delimiters or instructions for the agent to treat clipboard content as untrusted data. - Capability inventory: The agent has the capability to execute the bundled
scripts/clip.shwhich can modify the system state (the clipboard). - Sanitization: There is no sanitization or filtering of the content read from the clipboard before it is processed by the agent.
Audit Metadata