repo-bootstrap-and-audit
Fail
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones an external repository from a personal GitHub account ('affaan-m/everything-claude-code.git') to fetch AI skills and commands. This source is not from a verified or well-known organization.
- [REMOTE_CODE_EXECUTION]: Content downloaded from the external repository is moved directly into the '.claude/skills/' and '.claude/commands/' directories. Since these files define executable behaviors for the AI agent, this constitutes the installation and execution of unvetted remote code.
- [DATA_EXFILTRATION]: The skill explicitly targets and reads session transcript files from the user's home directory ('~/.claude/projects/'). These JSONL files contain the full history of AI interactions, which may include sensitive code, business logic, or credentials discussed during a session.
- [DATA_EXFILTRATION]: The extracted session transcripts are staged and pushed to a remote repository via 'git push'. If the repository is public or shared, this exposes private session history to unauthorized parties.
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to perform complex file system operations and execute shell commands. It dynamically constructs paths and executes commands based on '$ARGUMENTS' without visible sanitization, increasing the risk of command injection.
Recommendations
- AI detected serious security threats
Audit Metadata