configure-ecc
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones a third-party repository from
https://github.com/affaan-m/everything-claude-code.git. This repository is not on the trusted vendors list, and installing its contents into the agent's skill directory facilitates the execution of unverified external logic. - [COMMAND_EXECUTION]: The skill performs several file system operations and shell commands, including
git clone,rm -rf,mkdir -p, andcp -r. While these are used for the installation process, they interact with sensitive user directories like~/.claude. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8):
- Ingestion points: The skill reads the contents of downloaded
.mdfiles during the 'Optimization' phase in Step 5. - Boundary markers: No boundary markers or 'ignore' instructions are used when reading or processing the content of the cloned files.
- Capability inventory: The skill has the capability to write, modify, and delete files within the
~/.claude/skills/and~/.claude/rules/directories. - Sanitization: There is no evidence of sanitization or validation of the content downloaded from the third-party repository before it is modified or installed.
Audit Metadata