clipboard-tools
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local shell script named 'clipboard.sh' and interfaces with platform-specific utilities like 'pbcopy', 'xclip', and 'powershell' to perform its operations.
- [DATA_EXFILTRATION]: The skill accesses the system clipboard, which is a highly sensitive buffer frequently containing secrets like passwords, tokens, or private messages. It also supports reading from and writing to arbitrary filesystem paths via command-line arguments.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when processing data from untrusted sources. 1. Ingestion points: Data enters the agent's context through the system clipboard via the 'paste' command and from local files via the '--file' argument. 2. Boundary markers: Absent; there are no delimiters or specific instructions to the agent to ignore embedded commands within the ingested content. 3. Capability inventory: The skill has the ability to execute shell scripts, read/write to the filesystem, and interact with the system clipboard. 4. Sanitization: Absent; content is retrieved and processed as raw text without any filtering or validation.
Audit Metadata