skills/ori-kim/cli-proxy/clip-recap/Gen Agent Trust Hub

clip-recap

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the 'clip' command-line tool to list, search, and manage context stored in the user's home directory. This includes operations like 'clip recap' and 'clip recap search', which are used to retrieve information for the agent's tasks.
  • [SAFE]: The skill's operations are restricted to the local filesystem (specifically '~/.clip/recap/') and do not involve network requests, privilege escalation, or access to sensitive system credentials. The behavior aligns with the stated purpose of managing personalized knowledge.
  • [PROMPT_INJECTION]: The skill processes data from local files, which creates a potential surface for indirect prompt injection if the files contain instructions.
    1. Ingestion points: Entry bodies read from '~/.clip/recap/' (SKILL.md).
    2. Boundary markers: No delimiters or safety instructions are defined to separate retrieved data from the agent's core instructions.
    3. Capability inventory: Subprocess execution of the 'clip' command (SKILL.md).
    4. Sanitization: No validation or sanitization of the retrieved content is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 02:35 PM