setup-codemap-cli
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and installation resources from a personal GitHub repository (
JordanCoin/codemap) that is not identified as a trusted organization. - [COMMAND_EXECUTION]: It instructs the agent to perform software installation via system package managers (
brew,scoop) and to execute the resulting third-party binary. - [COMMAND_EXECUTION]: The skill modifies the agent's configuration files (
settings.json) to add persistent session hooks that automatically execute shell commands on various events. - [REMOTE_CODE_EXECUTION]: The installation and automated execution of unverified binaries from a third-party repository creates a potential vector for unauthorized code execution.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting untrusted remote data: 1. Ingestion points: Remote README.md in SKILL.md; 2. Boundary markers: Absent; 3. Capability inventory: Subprocess execution (brew, scoop, codemap) and file system writes; 4. Sanitization: Absent.
Audit Metadata