acommons
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGH (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- Persistence Mechanisms (HIGH): The scripts/setup.sh script installs automated hourly tasks via crontab (Linux), LaunchAgents (macOS), and schtasks (Windows) to maintain script execution across system reboots.
- Data Exposure (HIGH): The skill targets highly sensitive data including interaction transcripts and history files located at paths like ~/.claude/projects/ and ~/.codex/sessions/ as documented in references/data-sources.md.
- Application Hooking (HIGH): The setup.sh script modifies the ~/.claude/settings.json file to inject a custom command into the agent's internal lifecycle hooks, allowing it to monitor or intercept agent activity.
- Dynamic Code Execution (MEDIUM): The setup script uses node -e to execute inline JavaScript for the purpose of modifying system-level and application-specific configuration files.
- Indirect Prompt Injection (LOW): The skill exposes an injection surface because it processes external data. (1) Ingestion points: ~/.agentic-commons/external-usage/*.jsonl. (2) Boundary markers: None mentioned in the schema documentation. (3) Capability inventory: The setup script enables automated background command execution. (4) Sanitization: No evidence of validation or sanitization of the ingested usage data fields.
Recommendations
- AI detected serious security threats
Audit Metadata