ljg-clip
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by fetching and processing arbitrary content from external URLs.
  - Ingestion points: Untrusted content enters the agent context via `WebFetch` for URLs and through raw text provided by the user.
  - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when processing the fetched content.
  - Capability inventory: The skill can read/write to `~/Documents/notes/inbox.org`, execute the `date` system command, and trigger other analysis skills (`/ljg-xray`).
  - Sanitization: There is no evidence of content sanitization or validation before the data is formatted into Org-mode and saved locally or passed to subsequent tools.
- [COMMAND_EXECUTION]: The skill uses the system command `date '+[%Y-%m-%d %a %H:%M]'` to generate timestamps for its entries. This is a standard utility but involves the execution of a shell command.
- [EXTERNAL_DOWNLOADS]: The skill fetches content from arbitrary remote URLs using the `WebFetch` tool. While this is the primary purpose of the skill, it involves interaction with untrusted external sources.