claude-config-optimizer
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends executing a command that downloads and runs code directly from an untrusted third-party repository (github.com/laiso/site2skill) using uvx. This allows for the execution of arbitrary remote code on the host system.
- [EXTERNAL_DOWNLOADS]: Fetches the official Claude Code CHANGELOG.md from the anthropics/claude-code repository using the GitHub CLI to assist with version tracking and user queries.
- [COMMAND_EXECUTION]: Employs several local shell commands to facilitate configuration tasks, including claude --version for environment detection, gh api for remote data retrieval, and base64 for processing responses.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection as it processes externally-sourced changelog data.
  - Ingestion points: The skill downloads the CHANGELOG.md file from the public anthropics/claude-code GitHub repository (SKILL.md, Section 2.2).
  - Boundary markers: No specific delimiters or instructions are used to ensure the agent ignores potentially adversarial instructions embedded within the fetched changelog content.
  - Capability inventory: The agent has access to the Bash tool, enabling it to execute system commands and modify configuration files (SKILL.md).
  - Sanitization: External content is decoded and processed without validation or sanitization before being provided to the agent context.
Recommendations
- AI detected serious security threats
Audit Metadata