econ-audit
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone a repository from "https://github.com/charlescoverdale/econstack-data.git" if a local parameter directory is missing. This repository belongs to an external individual and is not part of the trusted vendors list.
- [REMOTE_CODE_EXECUTION]: The skill executes multiple scripts and binaries located in the local directory "~/.claude/skills/econstack/bin/" (e.g., "econstack-update-check", "econstack-learnings-read"). The source and safety of these files cannot be verified during static analysis.
- [COMMAND_EXECUTION]: The skill uses "eval" to execute the output of a shell command ("~/.claude/skills/econstack/bin/econstack-slug"), which is a high-risk dynamic execution pattern that could allow for arbitrary command injection if the binary output is manipulated.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it is designed to ingest and audit untrusted external economic documents while having access to powerful capabilities.
- Ingestion points: Identified in Step 1 where the skill reads user-provided markdown files or directories for auditing.
- Boundary markers: Absent; the instructions do not include delimiters or warnings for the agent to ignore embedded instructions within the audited documents.
- Capability inventory: Access to "Bash", "Read", "Write", "Glob", "Grep", and the ability to invoke other skills.
- Sanitization: Absent; the skill processes document content directly for methodological checks without filtering or escaping.
Audit Metadata