paperclip-create-agent
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
curlutility to communicate with the Paperclip API. These commands are standard for the skill's purpose of managing agent configurations and hire requests. - [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection by reading configuration data and comments from the Paperclip API.
- Ingestion points:
SKILL.md(Workflow steps 2, 3, 4, 8) fetches data from$PAPERCLIP_API_URLendpoints. - Boundary markers: Absent in the skill body for data retrieved from the API.
- Capability inventory: The skill is capable of network operations (
curl) to interact with the vendor's platform. - Sanitization: The skill does not perform explicit sanitization of the text retrieved from the API endpoints.
Audit Metadata