everything-claude-code-harness
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation guide suggests cloning a GitHub repository (affaan-m/everything-claude-code) and running a shell script (install.sh). This method executes arbitrary code from a source not included in the trusted vendors list.
- [COMMAND_EXECUTION]: The skill uses a lifecycle hook system that executes Node.js scripts (session-start.js, stop.js). These scripts have the capability to interact with the system environment and file system.
- [EXTERNAL_DOWNLOADS]: The skill points to several external dependencies, including npm packages (ecc-universal, ecc-agentshield) and a GitHub-hosted plugin, which are required for full functionality.
- [DATA_EXFILTRATION]: The memory persistence logic reads and writes to ~/.claude/session-memory.json. Accessing the user's home directory outside the project workspace poses a risk of exposing or persisting sensitive session data across unrelated projects.
- [PROMPT_INJECTION]: The 'Instincts' and session memory features ingest data from past activities and re-inject it into the agent's prompt context. This creates an attack surface for indirect prompt injection, where malicious content saved in a previous session could compromise subsequent sessions.
Audit Metadata