cloc
Warn
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: MEDIUM | COMMAND_EXECUTION | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill's bootstrap workflow directs the agent to install the `cloc` utility using system package managers with `sudo` privileges (e.g., `sudo apt install cloc`, `sudo yum install cloc`). While standard for software installation, this grants the agent elevated permissions on the host system.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface by instructing the agent to "Read the nearest AGENTS.md and confirm scope and constraints" and "respects the repo's AGENTS.md commands first." This allows an attacker who controls the repository content to potentially hijack the agent's behavior through instructions in the `AGENTS.md` file.
  - Ingestion points: `AGENTS.md` file in the repository being analyzed.
  - Boundary markers: None; the instructions explicitly tell the agent to prioritize content from this external file.
  - Capability inventory: Shell command execution through `cloc` and system package management tools.
  - Sanitization: No sanitization or validation of the commands in `AGENTS.md` is specified.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for downloading and installing `cloc` from official and well-known sources, such as the `AlDanial/cloc` GitHub repository, official package registries (npm, Homebrew, Chocolatey, etc.), and Docker Hub (`aldanial/cloc`). These are legitimate distribution channels for the intended tool.
Audit Metadata