Skills
skills/jg-chalk-io/nora-livekit/moai-baas-clerk-ext/Gen Agent Trust Hub

moai-baas-clerk-ext

Pass

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Detected an indirect prompt injection surface. Evidence: 1. Ingestion points: Data is retrieved from external sources via WebFetch and Context7 documentation tools. 2. Boundary markers: Absent in the provided code templates. 3. Capability inventory: The skill has access to Bash, Write, and Edit tools. 4. Sanitization: No sanitization logic for external content is demonstrated.
  • [EXTERNAL_DOWNLOADS]: Fetches configuration and patterns from official Clerk (clerk.dev) and Context7 resources, which are well-known and reputable.
  • [CREDENTIALS_UNSAFE]: Code examples correctly use environment variables for sensitive keys, adhering to security best practices.
  • [COMMAND_EXECUTION]: The skill is authorized to use Bash for project setup and management, but no malicious command patterns were found.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 2, 2026, 05:14 PM