seemseam-ccb-multi-agent-cli
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to download and execute code from a remote repository at github.com/SeemSeam/claude_codex_bridge.git during the installation process.
- [COMMAND_EXECUTION]: The installation instructions for Windows utilize powershell -ExecutionPolicy Bypass, which explicitly overrides system security settings to run an unverified script.
- [REMOTE_CODE_EXECUTION]: The ccb update command downloads and executes remote updates, which allows for the runtime modification of the tool's behavior from an external source.
- [COMMAND_EXECUTION]: The provided Python integration examples use subprocess.run to execute CLI commands based on agent input. If the agent_name or query parameters are sourced from untrusted data, this could lead to command injection.
- [DATA_EXFILTRATION]: The configuration system encourages storing API keys and base URLs in a local file (.ccb/ccb.config). While it advises using environment variables, the framework's support for direct key placement increases the risk of credential exposure if files are accidentally shared.
- [PROMPT_INJECTION]: The skill establishes a shared memory surface in .ccb/ccb_memory.md used by multiple agents.
  - Ingestion points: All agents read and write to .ccb/ccb_memory.md to maintain project context.
  - Boundary markers: No specific delimiters or instruction-ignore guards are defined for the shared memory content.
  - Capability inventory: The skill allows subprocess execution, file system writes, and shell access via tmux panes.
  - Sanitization: There is no evidence of sanitization or validation of data before it is written to or read from the shared memory file.
Audit Metadata