ccc
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of the
cocoindex-codepackage usingpipx. This resource is identified as a vendor-owned package from cocoindex-io.\n- [COMMAND_EXECUTION]: The skill uses theccccommand for various codebase management tasks including initialization, indexing, and semantic searching. It also suggests usingsedto read specific file lines, which involves executing shell commands with parameters derived from search results.\n- [PROMPT_INJECTION]: The skill facilitates the ingestion of external data from the codebase, which presents a surface for indirect prompt injection.\n - Ingestion points: Code snippets and file segments are brought into the agent's context through search results and subsequent file-reading commands (SKILL.md).\n
- Boundary markers: No specific delimiters or safety instructions are provided to the agent to treat search outputs as passive data rather than instructions.\n
- Capability inventory: The agent has the ability to execute CLI tools (ccc, sed) and utilize editor file-reading tools, which could be exploited if a search result contains malicious instructions.\n
- Sanitization: The skill does not implement sanitization, filtering, or validation of the code content being indexed or displayed.
Audit Metadata