configure-ecc
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones a repository from an untrusted third-party source:
https://github.com/affaan-m/everything-claude-code.git. - [REMOTE_CODE_EXECUTION]: The skill copies downloaded files from the external repository directly into the agent's execution directories (
~/.claude/skills/and~/.claude/rules/). Because these files define the agent's logic and behavioral constraints, this mechanism facilitates the execution of unverified remote instructions. - [COMMAND_EXECUTION]: The skill executes multiple shell commands to manage the installation process, including
rm -rf,git clone,mkdir -p, andcp -ron sensitive local paths. - [DATA_EXPOSURE]: The skill performs recursive searches and file reads across the agent's configuration directories (
~/.claude/) usinggrep, which may expose path structures and configuration metadata. - [INDIRECT_PROMPT_INJECTION]: The skill implements an 'Optimization' phase (Step 5) where it reads and modifies the downloaded markdown files. If the source repository contains malicious instructions, they could influence the agent's behavior during this processing phase.
- Ingestion points: Files cloned into
/tmp/everything-claude-code. - Boundary markers: None present; the agent is instructed to read and 'optimize' the content directly.
- Capability inventory: File system read/write, directory creation, and command execution via
bashblocks. - Sanitization: No validation or sanitization of the downloaded content is performed before installation or modification.
Recommendations
- AI detected serious security threats
Audit Metadata