clerk-data-handling
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were identified. The skill's instructions and referenced implementation guide follow established security and development practices for the stated use case of user data management.
- [COMMAND_EXECUTION]: The skill is configured to allow
Bash(npm:*)commands. This is a standard permission for development-focused skills to enable the installation and management of project dependencies like@clerk/nextjs. - [DATA_EXFILTRATION]: The implementation guide in
lib/audit-log.tsincludes a pattern for sending audit events to an external endpoint via theAUDIT_LOG_ENDPOINTenvironment variable. This is a legitimate implementation strategy for compliance auditing and centralized log management. - [PROMPT_INJECTION]: The skill processes user-supplied data from Clerk and application databases for features like data export. This creates a surface for indirect prompt injection if instructions are embedded in the processed data fields.
- Ingestion points: Data retrieved via
clerkClientand database queries inreferences/implementation-guide.md. - Boundary markers: No specific delimiters or "ignore instructions" markers are used in the provided code templates.
- Capability inventory: The skill utilizes
Read,Write,Edit,Bash, andGreptools. - Sanitization: The
sanitizeForExportfunction in the guide removes metadata like database IDs and timestamps but does not perform content-level sanitization or escaping of string data.
Audit Metadata