shadow-cljs-debug
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill specifies commands to manage the local development environment, such as clearing the build cache using
rm -rf .shadow-cljs .cpcacheand triggering the compiler withnpx shadow-cljs compile. These are standard developer operations within the context of Shadow-CLJS. - [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it is designed to analyze external project configuration files and compiler error logs which may contain untrusted data.
- Ingestion points: Reads content from
shadow-cljs.edn,deps.edn,package.json, and dynamic compiler error messages. - Boundary markers: No specific delimiters are used to isolate untrusted data during processing.
- Capability inventory: The agent can delete local cache directories and execute the
shadow-cljsbinary vianpx. - Sanitization: No explicit sanitization or validation of the input data is mentioned before processing or inclusion in instructions.
Audit Metadata