Skills
skills/egorfedorov/claude-context-optimizer/cco-digest/Gen Agent Trust Hub

cco-digest

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a Node.js script using the Bash tool with the $ARGUMENTS variable interpolated directly into the command line.
  • Ingestion Point: The $ARGUMENTS variable in SKILL.md is populated by user-supplied input.
  • Capability: The skill uses the Bash tool to run commands on the system.
  • Evidence: node ${CLAUDE_PLUGIN_ROOT}/src/digest.js $ARGUMENTS in SKILL.md.
  • Risk: If the underlying platform does not sanitize the $ARGUMENTS value, an attacker could provide input containing shell metacharacters (e.g., ;, |, &, or backticks) to execute unauthorized arbitrary commands.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 04:33 PM