ccw-help
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The file
scripts/auto-update.pyusessubprocess.runto call a sibling Python scriptanalyze_commands.py. This is an intended management function for the skill to regenerate its local command index files by scanning the project's directory structure. - [DATA_ACCESS]: The
scripts/analyze_commands.pyscript reads markdown files from the.claude/commands,.claude/agents, and.claude/skillsdirectories to extract metadata (frontmatter) for indexing. This data is stored locally in JSON files for the skill's own lookups and is not transmitted externally. - [INDIRECT_PROMPT_INJECTION]: The skill builds its command database (
command.json) by ingesting content from various markdown files in the workspace, which represents an attack surface for indirect prompt injection if those files are from untrusted sources. - Ingestion points: The
analyze_commands.pyscript reads from thecommands/,agents/, andskills/directories. - Boundary markers: None identified in the provided indexing or processing logic.
- Capability inventory: The skill uses tools like
Read,Grep, andGloband can orchestrate command execution sequences. - Sanitization: The indexing script extracts raw frontmatter values without specific sanitization filters.
Audit Metadata