moai-platform-clerk
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Threat categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The skill directs the agent to execute a migration script from an untrusted registry.
  - Evidence: The 'Migration Tool' section explicitly suggests running 'npx @clerk/upgrade'. Since the '@clerk' organization is not within the defined trusted scope, this constitutes remote code execution from an unverified source.
- [Indirect Prompt Injection] (HIGH): The skill possesses a high capability tier with an exposure surface to untrusted codebase data.
  - Ingestion points: The skill uses 'Read', 'Grep', and 'Glob' to ingest codebase files, which are attacker-controllable if the agent is auditing external projects or PRs.
  - Boundary markers: Absent. There are no instructions for the agent to ignore embedded instructions within the code or files it reads.
  - Capability inventory: The skill allows 'Write', 'Bash(npm:*)', and 'Bash(npx:*)', enabling file modification and arbitrary command execution.
  - Sanitization: Absent. No logic exists to sanitize or validate the content extracted from the codebase before it influences agent actions.
- [Privilege Escalation] (MEDIUM): The skill explicitly allows 'Bash(npm:*)' and 'Bash(npx:*)' commands.
  - Evidence: The 'allowed-tools' section grants broad permission to install and run any package from the npm registry, which can be leveraged to bypass intended restrictions or escalate control over the local environment.
Recommendations
- AI detected serious security threats