Skills
skills/kongshan001/cc_skills_marketplace/cc-skills-researcher/Gen Agent Trust Hub

cc-skills-researcher

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands including gh search, clawhub search, and git to perform its primary tasks of searching, committing, and pushing reports.
  • [EXTERNAL_DOWNLOADS]: Fetches data from external sources (GitHub and ClawHub) to identify trending skills and plugins.
  • [DATA_EXFILTRATION]: Automatically pushes generated reports and updates to the author's GitHub repository at https://github.com/kongshan001/cc_skills.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted content from public GitHub and ClawHub search results.
  • Ingestion points: Output from gh search and clawhub search commands in SKILL.md.
  • Boundary markers: No specific delimiters or instructions are provided to the agent to ignore embedded instructions within the searched data.
  • Capability inventory: File system write access and shell command execution (gh, git, clawhub).
  • Sanitization: The skill lacks explicit validation or sanitization steps for the data retrieved from external searches before it is incorporated into reports or used in subsequent steps.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 01:16 AM