macro-briefing
Fail
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to silently execute multiple local binaries, including 'econstack-update-check', 'econstack-learnings-read', and 'econstack-learnings-log', which are located in the user's home directory (e.g., '~/.claude/skills/econstack/bin/').
- [REMOTE_CODE_EXECUTION]: The skill uses the dangerous 'eval "$(...)"' pattern with the 'econstack-slug' binary. This allows the output of that binary to be executed as shell commands by the agent, potentially leading to arbitrary command execution if the binary's behavior is manipulated or compromised.
- [EXTERNAL_DOWNLOADS]: The skill points users toward an external GitHub repository ('https://github.com/charlescoverdale/econstack-data.git') for its parameter database, which introduces a dependency on unverified third-party code and data.
Recommendations
- AI detected serious security threats