Skills
skills/egorfedorov/claude-context-optimizer/cco-templates/Gen Agent Trust Hub

cco-templates

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The create command executes a shell command that includes the current working directory via $(pwd). This creates a command injection vulnerability where a maliciously named directory could execute arbitrary shell commands when the template suggestion tool is invoked.
  • [COMMAND_EXECUTION]: The apply command is designed to execute arbitrary shell commands defined within the preCommands array of the template JSON files. While intended for setup tasks like git status, this mechanism can be abused to execute any command available to the agent if a template file is maliciously crafted or modified.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform filesystem operations and execute logic. The interpolation of user-supplied arguments (like <name>) into file paths and commands without explicit sanitization increases the risk of path traversal or further command injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 04:33 PM