longlist
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses `eval "$(~/.claude/skills/econstack/bin/econstack-slug)"` to execute shell code generated by a local binary. This pattern allows for arbitrary code execution if the binary's output is manipulated or if the binary itself is compromised.
- [COMMAND_EXECUTION]: Multiple local binaries located in `~/.claude/skills/econstack/bin/` are executed silently to handle updates (`econstack-update-check`), state management (`econstack-slug`), and data logging (`econstack-learnings-read`, `econstack-learnings-log`).
- [EXTERNAL_DOWNLOADS]: Users are prompted to download and update a parameter database from an external GitHub repository (`https://github.com/charlescoverdale/econstack-data.git`) that is not owned by the skill author and is not on the list of trusted vendors.
- [DATA_EXFILTRATION]: A "learnings" system captures project insights and logs them using a local binary (`econstack-learnings-log`). While the skill documentation claims "Nothing transmitted", the use of external binaries for data management cannot be verified through static analysis and represents a potential data handling risk.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its processing of untrusted user input.
  - Ingestion points: The `AskUserQuestion` tool is used in Step 1 to collect project descriptions and counterfactuals.
  - Boundary markers: No delimiters or safety warnings are present to separate user data from instructions.
  - Capability inventory: The skill possesses the `Bash` tool (for binary execution) and the `Write` tool (for file creation) across its scripts.
  - Sanitization: No sanitization or validation of user-provided text is performed before it is used to influence the brainstorming and reporting logic.
Audit Metadata