clerk-enterprise-rbac
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: No prompt injection attempts or bypass instructions were detected in the skill instructions or metadata.
- [DATA_EXFILTRATION]: No hardcoded credentials, sensitive file access, or unauthorized network operations were found. References to Clerk domains and SAML configurations are standard for the implementation purpose.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns, such as piping curl to bash, were identified.
- [COMMAND_EXECUTION]: The skill does not invoke any dangerous system commands or subprocesses.
- [CREDENTIALS_UNSAFE]: No actual secrets or API keys are hardcoded; the examples correctly use placeholders like 'Provided by Clerk'.
- [EXTERNAL_DOWNLOADS]: The skill references standard Node.js packages (@clerk/nextjs) from a well-known service provider.
Audit Metadata