create-agent-adapter

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation details the implementation of runChildProcess for spawning CLI agents and the use of filesystem operations such as fs.symlink for skill injection.
  • [PROMPT_INJECTION]: The guide describes an architecture for parsing untrusted LLM output from agent processes.
      • Ingestion points: Agent stdout parsed in server/parse.ts.
      • Boundary markers: Suggests using structured output formats like JSON.
      • Capability inventory: Spawning subprocesses and making network requests via fetch.
      • Sanitization: Recommends avoiding eval() and using safe extraction helpers.
  • [DATA_EXFILTRATION]: The guide discusses handling PAPERCLIP_API_KEY and authToken as environment variables and utilizing fetch for HTTP-based agents, while recommending secret redaction and secure environment management.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 05:57 PM