cco-replay

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the command node ${CLAUDE_PLUGIN_ROOT}/src/replay.js $ARGUMENTS where $ARGUMENTS is directly derived from user input. The lack of proper shell quoting or input sanitization creates a vulnerability where shell metacharacters (e.g., ;, |, &&) in the arguments could be used to execute arbitrary commands.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface.
      • Ingestion points: User-supplied $ARGUMENTS and the output from the replay.js script (file names, session data).
      • Boundary markers: None present to delimit untrusted data from system instructions.
      • Capability inventory: Access to the Bash tool to execute local scripts and system commands.
      • Sanitization: No validation, escaping, or filtering is applied to external inputs before they are used in shell commands or presented in the session summary.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 24, 2026, 04:33 PM