clerk-token-ops

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local scripts scripts/Set-ClerkToken.ps1 and scripts/get_clerk_token.py to automate the generation and export of Clerk JWT tokens.
  • [DATA_EXFILTRATION]: The skill requires access to .env.local, which is documented to contain sensitive credentials including CLERK_SECRET_KEY and CLERK_PEM_PUBLIC_KEY.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing output from local scripts without delimiters.
      1. Ingestion points: Output from local scripts scripts/Set-ClerkToken.ps1 and scripts/get_clerk_token.py.
      2. Boundary markers: Absent.
      3. Capability inventory: PowerShell and Python script execution, and local file system access.
      4. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 09:56 PM