NYC

skills-search

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill instructs the installation of the @daymade/ccpm package from NPM. The @daymade organization is not among the verified trusted sources, which introduces a supply chain risk through the installation of unvetted global binaries.
  • REMOTE_CODE_EXECUTION (HIGH): The ccpm install command is designed to download and integrate external 'skills' (plugins) into the AI agent's environment. This provides a direct path for executing arbitrary code sourced from an unverified third-party registry (ccpm.dev).
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection. It ingests untrusted data from an external registry via ccpm search and ccpm info commands. This external content could contain malicious instructions designed to manipulate the agent's reasoning or trick it into installing malicious plugins.
  • COMMAND_EXECUTION (MEDIUM): The skill uses shell commands to manage system-level software states, including installation and uninstallation, which can lead to unintended side effects if the underlying CLI handles inputs unsafely.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:19 PM