cass
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill recommends installing the 'cass' binary via 'cargo install'. This is an unverified dependency from a source not listed in the trusted organizations.
- COMMAND_EXECUTION (LOW): The core functionality of the skill is built around executing external 'cass' commands. While expected for a CLI-based skill, it involves running unverified local code.
- PROMPT_INJECTION (LOW): The skill presents an indirect prompt injection surface. Ingestion points: Processes session history files from multiple AI agents (Claude, Cursor, Aider, etc.). Boundary markers: None specified in the CLI search output or view commands to delimit untrusted historical content. Capability inventory: The agent possesses shell execution and file system access permissions. Sanitization: No evidence of sanitization or filtering of historical content before it is presented to the agent context.
Audit Metadata