cli-anything-ccswitch
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses a sensitive local SQLite database located at
~/.cc-switch/cc-switch.db. This database contains AI provider configurations, API tokens, and conversation history. While the skill claims to mask secrets in output, direct access to this configuration store represents exposure of sensitive data. - [PROMPT_INJECTION]: The skill processes data from a local database that includes historical conversation sessions, creating a surface for indirect prompt injection.
- Ingestion points: Data from
~/.cc-switch/cc-switch.dbis ingested via thesessions list,usage logs, andsettings listcommands. - Boundary markers: Absent; the skill does not specify delimiters or provide instructions to the agent to treat data from the database as untrusted content.
- Capability inventory: The skill provides commands to modify tool configurations and settings, such as
settings setandmcp enable. - Sanitization: No validation or sanitization mechanisms are described for inputs used in configuration commands or for data retrieved from the database.
- [COMMAND_EXECUTION]: The skill defines an interface for executing CLI commands that perform write operations on local configurations, including enabling Model Context Protocol (MCP) servers and updating provider settings.
Audit Metadata