ccc
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the ccc CLI to perform index management tasks and semantic searches, and utilizes the sed utility to extract and display code snippets from files.
- [EXTERNAL_DOWNLOADS]: The skill documentation provides instructions for installing the cocoindex-code package from a standard package registry using pipx.
- [DATA_EXFILTRATION]: The skill accesses the local filesystem to read and index codebase files. It manages configuration files at ~/.cocoindex_code/global_settings.yml and .cocoindex_code/settings.yml, which are used to store project settings and optional API keys for embedding providers.
- [PROMPT_INJECTION]: The skill indexes and retrieves content from codebase files, which constitutes a surface for indirect prompt injection if those files contain malicious instructions.
  - Ingestion points: Codebase files indexed and searched by the ccc CLI (SKILL.md).
  - Boundary markers: Not explicitly defined for separating indexed code content from agent instructions.
  - Capability inventory: Shell command execution for indexing, searching, and file viewing via ccc and sed (SKILL.md, management.md).
  - Sanitization: No specific filtering or sanitization of indexed content is described before processing.