Skills
skills/guia-matthieu/clawfu-skills/keyword-clusterer/Gen Agent Trust Hub

keyword-clusterer

Pass

Audited by Gen Agent Trust Hub on Feb 13, 2026

Risk Level: LOW
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from user-supplied CSV files. While it lacks explicit prompt sanitization or boundary markers for this data, the risk is minimal because the script performs deterministic clustering or regex matching and does not execute the data or feed it into a large language model prompt itself.
  • Ingestion points: scripts/main.py reads data from files provided via the file argument in the cluster and intent commands.
  • Boundary markers: Absent; keyword content is processed directly.
  • Capability inventory: File system write access (via --output flag), console output.
  • Sanitization: None; input is used for string manipulation and embedding generation.
  • External Downloads (LOW): The skill's documentation and requirements.txt reference standard, reputable Python packages (scikit-learn, sentence-transformers, pandas). These are sourced from PyPI and are appropriate for the tool's stated purpose.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 13, 2026, 03:25 PM