clojure-repl-dev
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (LOW): The skill utilizes the
clj-nrepl-evaltool to evaluate arbitrary Clojure code strings on a local nREPL server. \n - Evidence: Instructions in
SKILL.mdandreferences/tool-guide.mddirect the agent to test and define functions via nREPL. \n - Context: Severity is lowered because code execution is the core intended functionality for a REPL-driven development skill. \n- [Indirect Prompt Injection] (LOW): The skill is susceptible to instructions embedded in project files that could influence agent behavior. \n
- Ingestion points: The skill reads file content using the
readcommand and searches through code withrg(ripgrep) as seen inSKILL.md. \n - Boundary markers: Absent; there are no instructions for the agent to ignore or isolate natural language instructions found in comments within Clojure or EDN files. \n
- Capability inventory: Possesses the ability to write to the filesystem and execute arbitrary code via the REPL. \n
- Sanitization: No validation or sanitization of file content is performed before the agent processes or executes it. \n- [Command Execution] (LOW): Uses system commands for code discovery and search. \n
- Evidence: Documented use of
rgand custom tools likeclj-paren-repairinSKILL.md.
Audit Metadata