clay
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Prompt Injection] (LOW): The skill possesses an indirect prompt injection surface through the use of the Claygent AI research agent.
  - Ingestion points: Untrusted external data enters the context via variables such as `{{company_url}}`, `{{company_domain}}`, and `{{LinkedIn URL}}` in `claygent/SKILL.md` and `company-enrichment/SKILL.md`.
  - Boundary markers: Instructions in `claygent-guide.md` provide structural output requirements (e.g., 'Return format: [text/number/URL/true-false]') but do not include security-specific delimiters or instructions to ignore embedded commands within the scraped content.
  - Capability inventory: The skill facilitates web browsing and scraping (via Claygent) and JavaScript execution (via Clayscript) across its sub-skills.
  - Sanitization: While basic data cleaning formulas are provided in `copy-paste-formulas.md`, there is no evidence of sanitization or escaping of external web content before it is processed by the AI models.
- [Dynamic Execution] (SAFE): The skill extensively uses `Clayscript`, which is a JavaScript-based formula language for data manipulation in Clay. As documented in `clayscript-guide.md` and `conditional-logic/SKILL.md`, this execution is limited to the platform's sandbox for intended data transformation purposes (e.g., cleaning names, calculating scores) and does not exhibit malicious patterns.
- [Data Exposure] (SAFE): While 'Clay API keys' are mentioned in `clay-operations/SKILL.md` and `clay-operations-credit-optimization.md`, these references are conceptual instructions for users to connect their own accounts. No hardcoded secrets or sensitive local file paths were found.
Audit Metadata