copy-command
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's execution logic utilizes shell commands like
mkdir -p {destination_dir}andcp {source} {destination}where the variables are derived from user-provided plugin and command names. Without explicit validation or sanitization of these inputs, there is a risk that a malicious user could provide strings containing shell metacharacters to execute arbitrary commands. - [SAFE]: The skill operates exclusively on the local filesystem within standard configuration paths (
.claude/and~/.claude/). - [SAFE]: No evidence of external network activity, hardcoded credentials, or remote code downloads was found in the provided file.
Audit Metadata