clay-to-deepline
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior was detected. The skill proactively addresses potential data leakage by guiding users on the safe handling of Clay session cookies via environment variables and .gitignore configurations.
- [COMMAND_EXECUTION]: The skill uses Python's subprocess module and local JavaScript execution to orchestrate record fetching and data enrichment. These actions are required for the migration and are intended for local execution.
- [PROMPT_INJECTION]: The skill handles untrusted data from HAR and JSON exports, creating a surface for indirect prompt injection. 1. Ingestion points: HAR files, ClayMate exports, and API responses. 2. Boundary markers: The skill recommends using structured JSON schemas for AI outputs to manage data integrity. 3. Capability inventory: Includes local JavaScript execution and shell command orchestration. 4. Sanitization: Instructs users to use json.dumps for constructing payloads, which prevents command injection via malformed input.
Audit Metadata