cli-anything-ccswitch

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses a sensitive local SQLite database located at ~/.cc-switch/cc-switch.db. This database contains AI provider configurations, API tokens, and conversation history. While the skill claims to mask secrets in output, direct access to this configuration store represents exposure of sensitive data.
  • [PROMPT_INJECTION]: The skill processes data from a local database that includes historical conversation sessions, creating a surface for indirect prompt injection.
  • Ingestion points: Data from ~/.cc-switch/cc-switch.db is ingested via the sessions list, usage logs, and settings list commands.
  • Boundary markers: Absent; the skill does not specify delimiters or provide instructions to the agent to treat data from the database as untrusted content.
  • Capability inventory: The skill provides commands to modify tool configurations and settings, such as settings set and mcp enable.
  • Sanitization: No validation or sanitization mechanisms are described for inputs used in configuration commands or for data retrieved from the database.
  • [COMMAND_EXECUTION]: The skill defines an interface for executing CLI commands that perform write operations on local configurations, including enabling Model Context Protocol (MCP) servers and updating provider settings.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:09 AM
Security Audit — agent-trust-hub — cli-anything-ccswitch