cc-skill-us
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install an external tool ('fabric') directly from a GitHub repository using 'go install github.com/danielmiessler/fabric@latest'.
- [COMMAND_EXECUTION]: Executes several bash commands and local scripts, including 'parse_conversation.sh' and 'fabric', to process data. It also uses system utilities like 'jq', 'ls', and 'find' to navigate the file system and manipulate JSON data.
- [DATA_EXFILTRATION]: Accesses sensitive conversation history stored in '~/.claude/projects/'. This history often contains source code, debugging logs, and potentially hardcoded secrets or PII. The content is piped into 'fabric', which typically transmits data to external LLM providers (e.g., OpenAI, Anthropic) for processing.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection (Category 8). The skill ingests untrusted data from conversation history files.
- Ingestion points: '~/.claude/projects/*.jsonl' via the 'parse_conversation.sh' script.
- Boundary markers: None identified in the provided steps or scripts.
- Capability inventory: File system access ('ls', 'find', 'cp'), shell execution ('bash'), and network transmission (via 'fabric' tool calls).
- Sanitization: No evidence of sanitization or filtering of the conversation content before it is passed to extraction patterns or used to generate new skills.
Audit Metadata