clay-migration-deep-dive
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill utilizes high-privilege commands including Bash(kubectl:*) and Bash(npm:*) to modify cluster configurations and manage dependencies. While these are necessary for migration tasks, they grant the agent significant control over infrastructure.
- CREDENTIALS_UNSAFE (MEDIUM): The skill instructions involve copying and editing .env files (e.g., cp .env.example .env.clay). These files typically contain sensitive API keys or secrets, and allowing an agent to manage them increases the risk of accidental exposure or misuse.
- EXTERNAL_DOWNLOADS (LOW): The skill performs an automated installation of @clay/sdk via npm. Although intended for the migration, downloading third-party code at runtime is an inherent risk.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through its data ingestion surfaces.
  - Ingestion points: File names from find, package lists from npm list, and data batches from the legacy system.
  - Boundary markers: None present in the instructions to delimit untrusted data.
  - Capability inventory: Includes npm install, kubectl cluster modification, and the Write/Edit tools.
  - Sanitization: No evidence of input validation or escaping before data is processed or interpolated into commands.
Audit Metadata