cost-benefit

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple scripts and binaries located in the user's home directory (~/.claude/skills/econstack/bin/), including econstack-update-check, econstack-learnings-read, econstack-learnings-log, and econstack-greenbook.
  • [EXTERNAL_DOWNLOADS]: The skill references and instructs the user to fetch data and code from a non-trusted repository at https://github.com/charlescoverdale/econstack-data.git via git clone and git pull.
  • [REMOTE_CODE_EXECUTION]: The skill performs dynamic code execution by using eval "$(~/.claude/skills/econstack/bin/econstack-slug)". This executes the output of a script directly as shell commands, which is a high-risk pattern if the script's behavior is influenced by external or untrusted data.
  • [PROMPT_INJECTION]: The skill processes untrusted external markdown files through the --from argument.
    • Ingestion points: Reads project, options, costs, and benefits data from external .md files in Step 1.
    • Boundary markers: No explicit boundary markers or 'ignore' instructions are used when parsing these files.
    • Capability inventory: The skill has extensive capabilities including Bash execution, Write access to the file system, and the ability to invoke other Skill tools.
    • Sanitization: There is no evidence of validation or sanitization of the content imported from the markdown files before it is used in calculations or shell command construction.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 11:31 AM
Security Audit — agent-trust-hub — cost-benefit