Skills
skills/egorfedorov/claude-context-optimizer/cco-coach/Gen Agent Trust Hub

cco-coach

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands via the Bash tool. Specifically, it uses node ${CLAUDE_PLUGIN_ROOT}/src/prompt-coach.js with user-supplied text interpolated directly as a command-line argument.
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection and command injection. It takes untrusted user input and places it within a shell command string.
  • Ingestion points: The user's last natural-language prompt or text provided as an argument to the /cco-coach command.
  • Boundary markers: The instructions suggest wrapping the input in double quotes ("the prompt text here"), but do not provide guidance on escaping shell metacharacters or handling input that contains quotes.
  • Capability inventory: The skill is granted access to the Bash tool, allowing it to execute arbitrary shell commands on the host environment.
  • Sanitization: There are no instructions or logic provided to sanitize, validate, or escape the user-provided content before it is processed by the shell.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 9, 2026, 11:47 AM