cc-connect-ai-bridge
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to download binaries and clone source code from an unverified GitHub repository (chenhg5/cc-connect) rather than a trusted vendor or official package registry.
- [COMMAND_EXECUTION]: The installation process requires the use of sudo to move the downloaded binary into system paths (/usr/local/bin/), granting it administrative privileges.
- [COMMAND_EXECUTION]: The tool implements a /shell <cmd> feature that allows remote execution of arbitrary shell commands on the host machine via messaging platforms like Telegram, Slack, or Discord.
- [REMOTE_CODE_EXECUTION]: The skill provides a prompt instructing the AI agent to fetch and follow instructions directly from a remote URL (INSTALL.md on GitHub), which could be updated with malicious content to automate tool installation or configuration changes.
- [DATA_EXFILTRATION]: By design, the tool bridges local AI coding agents to external messaging platforms, creating a persistent channel that transmits local context and project data to remote servers without requiring a public IP.
- [PROMPT_INJECTION]: The inclusion of a prompt that directs the agent to follow external remote instructions represents a mechanism for bypassing local constraints through remote instruction fetching.
Recommendations
- AI detected serious security threats