ccw-help
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes Python scripts (`scripts/auto-update.py` and `scripts/analyze_commands.py`) to maintain its command index. These scripts are executed via `subprocess.run`, performing local file system operations to scan and parse documentation.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes and displays content from various markdown files in the project's `.claude` directory. Malicious content within these files could potentially influence agent behavior when the help system is used.
  - Ingestion points: Markdown files located in the `commands/`, `agents/`, and `skills/` directories.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the processing logic.
  - Capability inventory: The skill utilizes `Read`, `Grep`, and `Glob` tools to access files, and provides command orchestration features (Mode 5).
  - Sanitization: Content is extracted from frontmatter and file bodies without visible sanitization or validation against structural schemas.
Audit Metadata