proof-of-work
Warn
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends downloading and installing packages from the npm registry using npm install -g cclsp.
- [REMOTE_CODE_EXECUTION]: Instructs the agent to run code directly from the npm registry using the npx cclsp@latest command.
- [COMMAND_EXECUTION]: Utilizes a large suite of shell utilities and development tools (ps, cat, grep, jq, pytest, ruff, terraform, ansible) to validate environment state and implementation correctness. It also provides templates for creating executable Git pre-commit hooks.
- [DATA_EXFILTRATION]: Employs curl to perform network operations, such as health checks on local services and testing API endpoints.
- [PROMPT_INJECTION]: The skill processes untrusted output from external tools and shell commands, creating a surface for indirect prompt injection.
  - Ingestion points: Command output and logs captured as evidence in modules/evidence-logging.md.
  - Boundary markers: No delimiters are specified to isolate tool output from agent instructions.
  - Capability inventory: Extensive use of shell command execution (subprocess) throughout the skill modules.
  - Sanitization: No sanitization or validation of external tool output is defined.
- [SAFE]: References official GitHub issue threads from the anthropics organization to provide context on known software bugs.
Audit Metadata