day2-create-context-sync-skill

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill executes 'npx skills add ai-native-camp/camp-1 --agent claude-code --yes' which downloads and installs code from an untrusted third-party organization not present in the trusted vendors list.
  • [COMMAND_EXECUTION]: The agent is instructed to write dynamic API-calling code directly to the local filesystem in the 'scripts/' directory and create/modify '.claude/skills/my-context-sync/SKILL.md' and '.mcp.json' files based on external templates.
  • [PROMPT_INJECTION]: The instructions utilize 'STOP PROTOCOL' and '절대 위반 금지' (Never Violate) headers, which are linguistic patterns designed to override or lock agent behavior. The skill also processes untrusted data from GitHub READMEs and external application content (Slack, Gmail, Notion), creating a surface for indirect injection.
    Evidence Chain for SKILL.md:
      1. Ingestion points: GitHub READMEs (via mcp_servers.py), external data sources in Block 3.
      2. Boundary markers: Absent.
      3. Capability inventory: Bash execution, file writing, network access via curl.
      4. Sanitization: No sanitization or validation of the ingested external content is mentioned.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 6, 2026, 03:23 PM