ccf-rank
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill documentation provides examples for executing local Python and Node.js scripts (`scripts/build_ccf_dataset.py` and `scripts/query_ccf_rank.mjs`) to manage and query the ranking dataset.
- [EXTERNAL_DOWNLOADS]: The data building script depends on the `pypdf` Python library for PDF text extraction.
- [DATA_EXPOSURE_AND_EXFILTRATION]: No network operations or access to sensitive system files were detected. All data processing is local to the skill's environment.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes content from external PDF files during the dataset build process.
  - Ingestion points: `scripts/build_ccf_dataset.py` reads user-provided PDF files.
  - Boundary markers: No explicit delimiters are used in the generated JSON records.
  - Capability inventory: The skill allows local file system writes (database generation) and console output of parsed rankings.
  - Sanitization: Content is normalized and validated against specific regular expressions (rankings, URLs, abbreviations).
Audit Metadata